Support

Akeeba Backup for Joomla!

#29212 Warning Message in Akeeba Backup, and AdminTools

Posted in ‘Akeeba Backup for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Akeeba Backup version
n/a

Latest post by on Saturday, 17 March 2018 18:17 CDT

hpinson
I continue to get the annoying message: "Akeeba Backup could not determine the permissions of the media/com_akeeba directory."

1. I manually set permissions on that folder to 755 and the message goes away.

2. In AdminTools 5.0.1 I click Fix permissions and in Akeeba Backu the message returns.

3. For security reasons, enabling the FTP module IS NOT AN OPTION for us.

This tells me that Fix Permissions in AdminTools may not be working as expected.

How can we get this fixed?

nicholas
Akeeba Staff
Manager
1. The correct permissions for that folder are 0755: owner user has full privileges, owner group and everyone else can only list the contents and read files from it. Anything else would make it impossible for your web server to deliver the file to the browser, triggering the warning in Akeeba Backup (that's exactly why it's displayed, because the Javascript that suppresses it cannot be loaded!).

2. These are also the default permissions for Admin Tools' fix permissions feature: 0755 for folders, 0644 for files. So it sounds like you changed something, breaking your site. Revert to the default permissions settings, save them and run the Fix permissions feature again.

3. This is a matter of how your web server and the underlying operating system works. Your web server is set up to run under a global user such as nobody or www-data for all sites hosted on that machine. However, each site runs inside an account owned by a different user. This creates a disparity between who owns the files and who accesses them through PHP. If you do not use the FTP layer, PHP -which runs inside your web server- is not the owner of some of the files on your site and as a result it's forbidden from changing their permissions.

For security reasons we VERY STRONGLY advise to NOT use this kind of software setup. It is DANGEROUS and it WILL lead to your sites getting hacked. It's 2018. For more than ten years it's been trivial to have each site run under its own user using a variety of method, ranging from suPHP (back in the olden days) to FastCGI (modern method) to virtualization (non-trivial). In all of these cases the owner of the file and the user the site runs under is the same, allowing the server administrator to apply proper account isolation. This means that should site A get compromised, site B is safe because site A cannot write into its files and the folder permissions on both sites prevent site A from even reading site B's files. This cannot be done when the web server runs under a global user.

As a result, the proper course of action is fixing your hosting to use per-site users and account isolation. Everything else is a temporary workaround.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!