[Pkg-owncloud-commits] [owncloud-doc] 62/110: Improvements to Setting Strong Directory Permissions
David Prévot
taffit at moszumanska.debian.org
Fri Feb 6 21:10:35 UTC 2015
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository owncloud-doc.
commit 734b7846b30fd12ddd7072b78c350fe1a9336fbd
Author: Carla Schroder <carla at owncloud.com>
Date: Wed Jan 7 13:04:58 2015 -0800
Improvements to Setting Strong Directory Permissions
---
admin_manual/installation/installation_wizard.rst | 61 ++++++++++-----------
admin_manual/installation/source_installation.rst | 66 ++---------------------
2 files changed, 30 insertions(+), 97 deletions(-)
diff --git a/admin_manual/installation/installation_wizard.rst b/admin_manual/installation/installation_wizard.rst
index 25b9486..289eb63 100644
--- a/admin_manual/installation/installation_wizard.rst
+++ b/admin_manual/installation/installation_wizard.rst
@@ -3,10 +3,8 @@ Installation Wizard
When ownCloud prerequisites are fulfilled and all ownCloud files are installed
on the server, the last step to complete the installation is
-running the Installation Wizard.
-
-* Open your web browser
-* Navigate to your ownCloud instance.
+running the Installation Wizard. Open your Web browser to your new ownCloud
+installation.
* If you are installing ownCloud on the same machine as you are accessing the
install wizard from, the URL will be ``http://localhost/owncloud``, or ``https://localhost/owncloud`` if you have enabled SSL.
@@ -31,12 +29,12 @@ password that you want.
Storage & Database
~~~~~~~~~~~~~~~~~~
-* Click ``Storage & Database`` to see all of your database options, and to optionally change the default data storage directory.
-
-* The database you want to use must already be installed, and you must have a database admin user and password.
-
-* Enter any arbitrary name for the Database name. This must be a database that does not already exist.
-
+* Click ``Storage & Database`` to see all of your database options, and to
+ optionally change the default data storage directory.
+* The database you want to use must already be installed, and you must have a
+ database admin user and password.
+* Enter any arbitrary name for the Database name. This must be a database that
+ does not already exist.
* If you are not using Apache as the web server, it is highly
recommended to configure the data directory to a location outside of
the document root. Otherwise all user data is potentially publicly
@@ -83,12 +81,12 @@ Finish Installation
Setting Strong Directory Permissions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-For hardened security we highly recommend setting the permissions on your
-ownCloud directory as strictly as possible. These commands should be executed
-immediately after the initial installation. Your HTTP user must own at least the
-``config/``, ``data/`` and ``apps/`` directories in your ownCloud directory so
-that you can configure ownCloud, create, modify and delete your data files, and
-install apps via the ownCloud Web interface.
+For hardened security we recommend setting the permissions on your ownCloud
+directory as strictly as possible. This should be done immediately after the
+initial installation. Your HTTP user must own the ``config/``, ``data/`` and
+``apps/`` directories in your ownCloud directory so that you can configure
+ownCloud, create, modify and delete your data files, and install apps via the
+ownCloud Web interface.
You can find your HTTP user in your HTTP server configuration files. Or you can
create a PHP page to find it for you. To do this, create a plain text file with
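Review bot: the trailing context of this hunk tells the admin to create a PHP page to find the HTTP user, but nothing visible here says to delete that page afterwards. If the lines that follow do not already say so, add a sentence telling the reader to remove the file once the user name is known, since a page left in the web root reports the service account name to anyone who requests it.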
@@ -123,13 +121,16 @@ directory, and replace the ``htuser`` variable with your own HTTP user::
find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750
chown -R root:${htuser} ${ocpath}/
- chown -R ${htuser}:root ${ocpath}/apps/
- chown -R ${htuser}:root ${ocpath}/config/
- chown -R ${htuser}:root ${ocpath}/data/
+ chown -R ${htuser}:${htuser} ${ocpath}/apps/
+ chown -R ${htuser}:${htuser} ${ocpath}/config/
+ chown -R ${htuser}:${htuser} ${ocpath}/data/
- chown ${htuser}:root ${ocpath}/.htaccess
+ chown root:${htuser} ${ocpath}/.htaccess
chown root:${htuser} ${ocpath}/data/.htaccess
+ chmod 0644 ${ocpath}/.htaccess
+ chmod 0644 ${ocpath}/data/.htaccess
+
If you have customized your ownCloud installation and your filepaths are
different than the standard installation, then modify this script accordingly.
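Review bot: the two added "chmod 0644" lines leave both .htaccess files world-readable, which is looser than the "as strictly as possible" goal the section states. The files are set to root:${htuser} just before, so the HTTP user already reads them through the group and 0640 would be enough; if world read is really needed, the text should say why. The expansions in the added chown and chmod lines are also unquoted, so an ocpath containing spaces would be split into several arguments; putting each path in double quotes avoids that.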
@@ -142,21 +143,13 @@ and files:
executable bit set), read-write for the directory owner, and read-only for
the group owner
* The :file:`/` directory should be owned by ``root:[HTTP user]``
-* The :file:`apps/` directory should be owned by ``[HTTP user]:root``
-* The :file:`config/` directory should be owned by ``[HTTP user]:root``
-* The :file:`data/` directory should be owned by ``[HTTP user]:root``
-* The :file:`[ocpath]/.htaccess` file should be owned by ``[HTTP user]:root``
+* The :file:`apps/` directory should be owned by ``[HTTP user]:[HTTP user]``
+* The :file:`config/` directory should be owned by ``[HTTP user]:[HTTP user]``
+* The :file:`data/` directory should be owned by ``[HTTP user]:[HTTP user]``
+* The :file:`[ocpath]/.htaccess` file should be owned by ``root:[HTTP user]``
* The :file:`data/.htaccess` file should be owned by ``root:[HTTP user]``
-
-For example, on Ubuntu Linux these commands set the ownership and permissions
-on the :file:`data/` directory::
-
- $ sudo chown -R www-data:root /var/www/owncloud/data
- $ sudo chmod 0750 /var/www/owncloud/data
-
-All new files in the :file:`data/` directory automatically inherit the correct
-permissions, 0640,
-
+* Both :file:`.htaccess` files are read-write file owner, read-only group and
+ world
Trusted Domains
~~~~~~~~~~~~~~~
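Review bot: the added bullet "Both .htaccess files are read-write file owner, read-only group and world" is missing words and, unlike the script, gives no numeric mode. Suggest "Both .htaccess files should be read-write for the file owner, and read-only for the group owner and world (0644)", which matches the phrasing of the directory bullet at the top of this hunk. The removed Ubuntu example also took the statement that new files in data/ get 0640 with it; the sentence was unfinished, but if the behaviour still holds it deserves a complete sentence rather than deletion.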
diff --git a/admin_manual/installation/source_installation.rst b/admin_manual/installation/source_installation.rst
index 6899625..34e225a 100644
--- a/admin_manual/installation/source_installation.rst
+++ b/admin_manual/installation/source_installation.rst
@@ -160,69 +160,9 @@ security.
Setting Strong Directory Permissions
------------------------------------
-Your HTTP user must own at least the ``config/``, ``data/``
-and ``apps/`` directories in your ownCloud directory so that you can
-configure ownCloud, create, modify and delete your data files, and install apps
-via the ownCloud Web interface. We recommend setting the directory
-permissions as strictly as possible for stronger security.
-
-You can find your HTTP user in your HTTP server configuration files. Or you can
-create a PHP page to find it for you. To do this, create a plain text file with
-a single line in it:
-
- ``<?php echo exec('whoami'); ?>``
-
-Name it ``whoami.php`` and place it in your ``/var/www/html`` directory, and
-then open it in a Web browser, for example ``http://localhost/whoami.php``. You
-should see a single line in your browser page with the HTTP user name.
-
-.. note:: When using an NFS mount for the data directory, do not change its
- ownership from the default. The simple act of mounting the drive will set
- proper permissions for ownCloud to write to the directory. Changing
- ownership as above could result in some issues if the NFS mount is
- lost.
-
-The generic command to change ownership of all files and subdirectories in a
-directory is::
-
- chown -R <http-user>:<http-user> /path/to/owncloud/
-
-For hardened security we highly recommend setting the permissions on your ownCloud directory as strictly
-as possible. These commands should be executed immediately after the initial installation::
-
- chown -R root:root /path/to/owncloud/
- chmod -R 0755 /path/to/owncloud/
- chown <http-user>:<http-user> /path/to/owncloud/config/
- chmod 0750 /path/to/owncloud/config/
- chown <http-user>:<http-user> /path/to/owncloud/config/config.php
- chmod 0750 /path/to/owncloud/config/config.php
- chown -R <http-user>:<http-user> /path/to/owncloud/data/
- chmod -R 0750 /path/to/owncloud/data
- chown root:root /path/to/owncloud/data/.htaccess
- chmod 0755 /path/to/owncloud/data/.htaccess
- chown <http-user>:<http-user> /path/to/owncloud/apps/
- chmod 0750 /path/to/owncloud/apps/
-
-These strict permissions will prevent the Updater app from working (see :doc:`../maintenance/update`). If you use the Updater app, it needs your whole
-ownCloud directory to be owned by the HTTP user, like these examples:
-
-* This example is for Ubuntu 14.04 LTS server::
-
- chown -R www-data:www-data /var/www/owncloud
-
-* Arch Linux::
-
- chown -R http:http /path/to/owncloud/
-
-* Fedora::
-
- chown -R apache:apache /path/to/owncloud/
-
-* openSUSE::
-
- chown -R wwwrun:www /path/to/owncloud/
-
-After the Updater app has run, you should re-apply the strict permissions.
+We recommend setting the directory permissions in your ownCloud installation as
+strictly as possible for stronger security. Please refer to the ``Setting
+Strong Directory Permissions`` section of :doc:`installation_wizard`.
SELinux
-------
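Review bot: the removed block carried two caveats that no visible hunk of installation_wizard.rst shows: the note not to change ownership of an NFS-mounted data directory, and the warning that strict permissions stop the Updater app from working until the tree is handed back to the HTTP user. The script in installation_wizard.rst runs chown -R on data/, so please confirm both caveats are present there before deleting them here. The new pointer also gives the section name as a literal next to :doc:`installation_wizard`, so it links to the page but not to the heading; a label with :ref: would take the reader to the section itself.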
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud-doc.git