Hi; I have a linux server (centos 5) with whm/cpanel and i'm using this server for my joomla web sites. I will try to explain my problem with an example. I'm creating users on my server . Lets think the username is USERNAME. When i try to upload files with ftp, there is no problem . all files are being owned by USERNAME. But when i try to upload new files from joomla admin panel (or with a different php script), all files are being owned by root (99). how can i solve this problem? Thanks
who is owner of your joomla OR the tools used to upload via joomla ? most likely you have those joomla tools owned root and thus all uploaded files then belong to root.
That's because Apache/PHP is has to assign a user to the file, with a user that's on the system. In this case it assigns root. It has nothing to do with who "owns" Joomla.
BUT you NEVER assign files and tools to ROOT on a web server filesystem !!!!!!! absolutely NEVER !!! if so on your current system - then you are asking for greatest possible troubles. among others: any hacker entering your joomla has FULL root access and can do WHATEVER he wants including site highjacking or deleting or reformating/deleting your entire HDD. any uploaded file ( jpg, gif, or whatever ) on your joomla or forum or other member pages also has root privileges. hence any trojan or virus or other damaging script has full root permissions/powers !! for that reason a normal Linux system has OTHER system users assigned that are typically used by apache such as wwwrun and such files also belong to a GROUP - typically for example www ... or similar depending on distribution!!! this current situation is a clear extreme MIS-configuration from your side and should be secured ASAP. of COURSE this has to do with OWNERSHIP !! to change ownership you use chown and assign proper user AND owner to files or complete file structures !! see your manual for details man chown
i think i have told somethink wrong. all of my my files are assigned to a user (not root). my main problem is the files which are created by php actions like cache files or any picture which i upload from a web interface are being owned by root. there is a misconficuration on my server but what?
check your apache config either httpd.conf or default-server.conf or whatever your dist calls it there are 2 lines to define/configure who OWNER is of apache created files as well as group the files belong to in SuSE these lines would be typically User wwwrun Group www the groups need to exist and be designed for SECURE ( hacker-wise ) use in www documents typical Linux dists have such user/groups already existing most likely you have User root there. if so - then adapt/correct according to your dist's need