Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Just a few questions
 
Michael Cleef
Sr. Member
 
Avatar
Total Posts:  96
Joined:  2008-08-17
Latrobe Valley - Australia
 

Hi All,

Currently, I’m with a company who wants to switch to magento for all of our ecommerce customers. Unfortunately, because magento requires such strange file permissions for an install, it takes us quite some time to install the program. We have never been hacked by anyone, until we installed a copy of magento to our server.

Is it possible to install magento, and update through magento connect without having to set any permissions to 777?

Can the permissions be set back to a more secure set once magento has been installed?

Is there a safer, yet just as automated way to install updates into magento?

Thanks, Michael.

 
Magento Community Magento Community
Magento Community
Magento Community
 
JLHC
Mentor
 
Avatar
Total Posts:  1287
Joined:  2008-05-09
Tampa, FL
 

If you are concerned about security, I suggest you to enable suPHP/suEXEC in the server, as it uses 755 instead of 777, which is uses “user” instead of “nobody” for writing. wink

 
Magento Community Magento Community
Magento Community
Magento Community
 
joyously
Guru
 
Total Posts:  447
Joined:  2008-08-21
 

I installed on my server without using 777.  I followed the command line instructions I found in the Wiki (the only way I found to get it to actually install). But I skipped the last commands that set everything to open permissions.
Then I tried a few things in the backend. It wouldn’t load the javascript, so none of the menus worked. Basically, I monitored the error log to see which directories it didn’t like. There are just a few that you have to remove the group write permission from in order for Magento to work.

I have used Magento Connect and it works too, so I don’t understand why the recommendation is to open it up to 777.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top