Hello, In purpose to install “DoorGets CMS“, I did set permissions (chmod) to 777 on “web“ folder within root directory (using FTP client) but the “DoorGets CMS“ installation wizard remains blocked at permissions settings (step 2) with this message : Your folder does not have required permissions… Solution : sudo chmod -R 777 /var/www/clients/client1/web3/web *** TUTORIAL *** http://www.doorgets.com/t/en/?documentation=installation-en I did also set permissions to 777 on “DoorGets CMS“ setup directory : /var/www/clients/client1/web3/web/setup Is there anything else that I should do, or that I missed to do ? Regards,
Sorry to say that, but if a CMS recommends you to run a chmod 777, then I would stay away from it as the persons that wrote it have no idea of server security. So the first thing if you want to use it anyway, undo the chmod 777. All you have to do is to ensure that all files and folders are owned by the web user and client group of the website. sudo chown -R web3:client1 /var/www/clients/client1/web3/web/*
I'll fully agree on avoiding mode 777 and maybe the entire cms; you could maybe help their project/users out by filing a bug against their installer. A simple test to see if the web root is writable is much more appropriate then blindly forcing the least restrictive permissions possible. Yes, I think I would avoid the project myself as well, web application security is not trivial, and that indicates not only a lack of effort for security, but probably nearly complete ignorance of where to even begin.
I guess to be fair, what @till said is more accurate, we are discussing specifically server security, which is just one aspect of overall web app security. Maybe the app does great in other areas.
