Joomla 1.0.x Writeable Directories

Fri, Apr 18, 2008

Web Development

The following is a list of the directories that must be ‘writeable’ for Joomla 1.0.x to work properly. I’m including it here as a reference. In most cases, individuals who install Joomla will simply chmod these directories to 707 or 777. I have found through personal experience that this is not very secure (using 707 or 777 anywhere on your site allows a ‘hacker’ who may find a vulnerable script to upload anything they want to your server, e.g. eBay/PayPal spoof sites, etc.).

I have found a few solutions, but have not implemented any as of yet. The most promising looks like mod_suphp (aka PHPsuexec). I will post my solution to this issue once it is fully tested. In the meantime, I am setting all directories to 755 and files to 644 and temporarily changing them when needed.

administrator/backups/         
administrator/components/       
administrator/modules/         
administrator/templates/       
cache/                         
components/            
images/                
images/banners/                
images/stories/                
language/                      
mambots/                       
mambots/content/       
mambots/editors/       
mambots/editors-xtd/           
mambots/search/                
mambots/system/                
media/                         
modules/               
templates/             
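
The baseline described above (directories 755, files 644, opened only temporarily when needed) can be checked and restored with a short shell script. This is an added example, not part of the original post; the function names are hypothetical and the directory list is the one given above.

```shell
#!/bin/sh
# Added example: audit and reset permissions for the directories listed in the post.
# Function names are hypothetical; JOOMLA_DIRS is the post's own list.

JOOMLA_DIRS="administrator/backups administrator/components administrator/modules
administrator/templates cache components images images/banners images/stories
language mambots mambots/content mambots/editors mambots/editors-xtd
mambots/search mambots/system media modules templates"

# Print each listed directory whose "other" write bit is set (707, 777, ...).
list_world_writable() {
    root=$1
    for d in $JOOMLA_DIRS; do
        [ -d "$root/$d" ] || continue
        # -prune tests only the directory itself; -perm -0002 matches o+w.
        if [ -n "$(find "$root/$d" -prune -perm -0002)" ]; then
            printf '%s\n' "$d"
        fi
    done
    return 0
}

# Reset the whole tree to the post's baseline: directories 755, files 644.
reset_baseline() {
    root=$1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}

# Open one directory with the given mode, run a command, then restore 755
# even if the command fails. The command's exit status is passed through.
with_temp_mode() {
    mode=$1; dir=$2; shift 2
    chmod "$mode" "$dir"
    rc=0
    "$@" || rc=$?
    chmod 755 "$dir"
    return "$rc"
}

# Stand-alone use: sh audit.sh /path/to/joomla   (placeholder path)
if [ "$#" -ge 1 ]; then
    list_world_writable "$1"
fi
```

Run `list_world_writable` from cron or after each install to catch directories that were opened and never closed again.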
 

This post was written by:

Dustin - who has written 25 posts on DustinsDesign.com.


2 Comments For This Post

  1. Gabe Says:

    One good reason to upgrade to Joomla 1.5 :) Writes using an FTP user so your files can be unwritable for PHP user. Limits the vulnerabilities that can write to disk to those using the FTP user and not just any PHP file in Joomla.

  2. Dustin Says:

    I agree - lots of people out there using 1.0.x however. Some of my clients prefer not to upgrade.
