|
|
|
|
|
|
| Re: Default theme doesn't apply [message #6228 is a reply to message #6224] |
Sun, 06 October 2002 19:38   |
Olliver
Messages: 443
Registered: March 2002
Karma: 0
|
Senior Member |
|
|
Hi,
Do NOT lock up ur files using the feature in the admin control panel. This will only work if the webserver owns the files. Because of the Puretec settings, the server will never own ur files hence chmodding them to 700 means that it cannot access them any more (neither files' owner nor member of the group). Best option is to create a .htaccess with "deny from all" for ur hidden directory. The server needs to write on these files and so does it for ur theme directory. Further write access is needed for the smileys and avatars directories.
bye
Ken
|
|
|
|
|
|
| Re: Default theme doesn't apply [message #6240 is a reply to message #6230] |
Sun, 06 October 2002 21:30 |
Olliver
Messages: 443
Registered: March 2002
Karma: 0
|
Senior Member |
|
|
To understand this, u have to be familiar with Unix  . In general, files on UNIX systems have three properties of ownership.
1. owner himself
-rw------- 1 JoeDoe Staff
This would be read and right access, neither the group (staff) nor anyone else could get access to this file. the command would be:
chmod 600
2.group
-rwxr-x--- 1 JoeDoe Staff
let's assume joe doe has a kewl shell script (hence the executable flag is set) and wants his group members (staff) to make use of it too. to avoid changes to this file he removed the write flag. Anyone else still hasn't got access to this file. the command would be:
chmod 750
3. anyone else
the same joe doe has written a useful manual on how to perform file manipulations using perl. he would set the file to:
-rw-r--r-- 1 JoeDoe Staff
which equals chmod 644 Only in this case anyone who has access to the system can read the file. And exactly this case applies to Puretec. The server runs all scripts through the cgi wrapper as an unprivileged user. it does not own the files and belongs to a different group. hence it can only show the files if it has the "anyone" access.
4. Directories
Directories' rights have higher priority. if ur file has
-rwxr-xr-x and is a perlscript and resides in a directory with dr-x------ then it means that the file inherits this attribute -> the server can't read it. The owner himself can only modify or delete this existing file in the directory but can't create a new one because the inherited attribute is -r-x------ for files in the directory. As the directory's owner he still can individually change the file's right
Please note: u need at last read and execute flag for entering a directory. x because u want to invoke commands like ls or cat, don't u? So the only useful options are r+x (5) r+w+x (7) or nothing (0)
This is how it works Where the server can take the ownership of the files (php must be running as apache module) it can be made safe by chmodding anything to 600. Where it runs as cgi chmod 600 would be like shooting oneself in the foot.
hope this helps
bye Ken
[Updated on: Sun, 06 October 2002 21:39] Report message to a moderator |
|
|
|
|
|
| Re: Default theme doesn't apply [message #6245 is a reply to message #6243] |
Sun, 06 October 2002 22:28 |
Olliver
Messages: 443
Registered: March 2002
Karma: 0
|
Senior Member |
|
|
At first u need to create the directories for the forum and the hidden files. it needs 777 as attribute because that will be the location the install script will write to. next put it anywhere u like on ur webserver (or account), it just has to be within ur webroot. after a fresh install it will default to chmod 600 for the theme directory. This will cause the problem already described by Holger. Best is to unlock the files in the AdminCP. sounds dangerous, but it isn't actually because, at Puretec the server never owns the files. The downside is of course that someone invoking commands via php will be able to browse ur directory and possibly read ur scriptfiles. U can't change this because at the same time u would prevent the webserver from reading ur files too. But this does not apply to the forum. it stores sensitive data within the hidden dir. Since the files there are never called directly u can protect this dir with .htaccess .
Bye Ken
[Updated on: Sun, 06 October 2002 22:33] Report message to a moderator |
|
|
|
|
|
| Re: Default theme doesn't apply [message #6253 is a reply to message #6250] |
Sun, 06 October 2002 22:47 |
Ilia
Messages: 13241
Registered: January 2002
Karma: 0
|
Senior Member
Administrator
Core Developer |
|
|
There is no way to install the forum without the install.php script. And there is unlikely to ever be one, the only possible thing I see for the future, is the ability to install the forum via an install script that can run via the shell, rather then via the webserver like it does.
FUDforum Core Developer
|
|
|
|
| Re: Default theme doesn't apply [message #6260 is a reply to message #6250] |
Sun, 06 October 2002 23:29 |
Olliver
Messages: 443
Registered: March 2002
Karma: 0
|
Senior Member |
|
|
| valiant wrote on Mon, 07 October 2002 00:43 |
you still misunderstand me.
i just wanted to know if there's another way to install the forum without the install.php script.
|
Xuse me, what? Ur original question sounded kinda different:
| Quote: |
Ken, you said on puretec the webservers doesn't own the files.
My question was how was the FUDForum installed on this puretec server?
|
I can't really see that I misunderstood a single word. Besides it's like prottoss already pointed out. It doesn't make much sense to manually copy the files to the server.
Bye Ken
|
|
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
have you seen the movie? 
]