Permissions: Should I follow wiki or installation screen? (URGENT)

[booblebab]

An important question:

In PrestaShop 1.2.2, the installation screen that shows the green check-marks on what permissions have been set, says something different to what the wiki (http://www.prestashop.com/wiki/Installing_And_Updating_PrestaShop_Software/) does.

In the installation screen, some folders also need recursive permissions, while in the wiki it says they dont.

What should I follow? The wiki, or the installation screen?

Thanks!

[Radu]

according to the svn installation files are more up to date than wiki - so follow them

[booblebab]

ah cool thanks for letting me know
ur a dev?

[Radu]

I am not part of presta team - just a programmer that uses presta. I am checking svn to keep track of the development process - latest bugs fixes etc...

[booblebab]

ah cool
another question about this, in the installer it says:

Write permissions on files and folders:
/config
/tools/smarty/compile
/sitemap.xml

Write permissions on folders and subfolders/recursively:
/img
/mails
/modules
/themes/prestashop/lang
/translations
/upload
/download

my question is - does the first thing mean to apply the 777 permissions to the directory only, or also the files? because it says: "on files and folders", so recursively into the file, but not subfolders?

do u get what i mean?

if i set something up wrong here, like, i just set the permissions for the first group of things to both the directory and the files in it, can that be harmful in any way? cause problems?

[Radu]

set up permissions recursively for first set too - the folders should be empty that's why they say it doesn't matter if it's recursive or not

[booblebab]

hmm, are you sure? because cant that cause some security threats to the store?

because i presume that config is an important dir?

im not really sure about WHAT (in simple terms) the 777 permissions are... like, who the ppl who can write/read etc. are, but ye... so maybe tahts why im asking that..

[Radu]

yes I am sure, however after installing presta - go to config dir and reestablish the rights - 755 for intance

the config dir is needed for the installation of presta - here will be config files for database, smarty, shop

/tools/smarty/compile will hold the template files - if it's not empty it's wise to give a recursive 777
---------------------------------------------


usually giving 777 on a shared server is not recommended but that may be the only way of getting this written by apache which often runs as user nobody

you can try to see if 770 works for you for config dir - if not give it 777 and reverse to 755 after install

[booblebab]

ah alright, so ill set everything like that

what is a "shared server"?

also, whats the difference if i set the 777 recursively, or just normal... i.e. what can a hacker do? put files there?

[booblebab]

another thing, previously after i installed prestashop, i had problems with: http://www.prestashop.com/forums/viewthread/27253/

could that be because of permissions?

[Radu]

http://www.prestashop.com/forums/viewthread/27253/ is not related to permission issues. It's just that the new theme has a file or more missing. If the theme is for 1.1 try to turn on from preferences v1.1 theme compatibility = Yes


regarding 777 - an attacker MIGHT upload a file there if you have a security issue in your web application (prestashop for instance) - but this attacks are not trivial and depend on some factors. So if you have a dir chmod-ed to 777 doesn't mean you'll be hacked

shared server? http://en.wikipedia.org/wiki/Shared_web_hosting_service

[booblebab]

ah, but i did switch on the v1.1 theme compatibility thing - and it didnt work..
the theme is from www.prestathemes.com - know it?

ok, and so to put permissions back as they were - default is 755, corect?

[Radu]

755 just for config folder

don't know the theme sorry -> follow what's stated in the http://www.prestashop.com/forums/viewthread/27253/ -> copy the missing files from the prestashop theme folder.

[booblebab]

ah, okay thanks
so its ok to just copy stuff like that over?