Hey everyone
I'm trying Jumpbox for Joomla 1.5 for the first time, and I think itøs really frustrating. Because there is no FTP connection for the Jumpbox setup, I have nothing but problems when trying to install new extensions.
As I see it, Joomla it the best Open Source system because of its extendability, but when almost all installs error because of wrong file permissions, it's not really an advantage.
Am I wrong, or do I have to CHMOD 777 almost my entire site just to be able to install extensions?
permissions on jumpbox joomla
after reading the comments here I was able to get Akeeba (Joomlapack) to work on my jumpbox joomla 1.5 version
First go to the management page in jumpbox the link is in your Jump Box Console screen
Once in I enabled the ssh/ftp
Then use your favorite ftp program or sftp and ftp in, the host will be the IP address of your jump box site, also displayed on the console page. user name will be admin and use the password you created for the admin on the Joomla site.
You will find the Joomla install in the path var/data/joomla15
From the Akeeba configuration page, you can find the directory that is being use for the backup files. CHMOD this directory to 777. Since I am using jump box on parallels on a Mac, and all is local I am not worried about some hacking into my jump box. I intend to use the jump box for development and Akeeba to move the site to a production server. Obviously after the move make sure the directory you set to permissions 777 is changed back to something safe, but use able to your site.
using ftp or any method to modify templates?
Hi,
I like jumpbox because you download it and double click and it's up and running. But I don't see any way to modify say the joomla logo that comes in the default templates. I installed joomla15-1.1.12 and I can't figure out how to get this done. I read in this forum that users are able to ftp etc. If I want to ftp from my mac os x to the jumpbox virtual machine (that runs joomla) how can I do that?
joomla's ip address is 192.168.2.5 if I am in bridge mode in the virtual machine and 192.168.118.4 if I am in nat mode. Could someone please show me how to do this if it is possible. Thanks
using ftp or any method to modify templates?
Users can connect to the JumpBox using SFTP (it works similarly to FTP) after enabling SSH/SFTP in the JumpBox Admin Portal. Once that SFTP is enabled you can connect to the JumpBox with a SFTP client (like Cyberduck for the Mac) and upload or modify files on the JumpBox.
As for Joomla, the files are located in /var/data/joomla15. You should be able to find a place to put a logo, or overwrite an existing logo or whatever the recommended Joomla method might be for modifying your. Here's one suggestion from the Joomla Documentation:
http://docs.joomla.org/Tutorial:How_to_replace_the_Joomla!_logo.
It may not even be necessary to upload it via SFTP. You might be able to load it in the Media Manager and then modify your template, as shown in the link above, to use that logo.
Austin
Hey Austin Thanks for your
Hey Austin
Thanks for your time, I appreciate.
The problem is, that if you don't use the FTP layer in Joomla, you have to make all files and folders writable (they are not in my system right now), and that must be a much bigger security risk than enabling FTP access? The biggest succes of Joomla 1.5 was to introduce the FTP layer so Joomla users don't have to CHMOD their folders and files.
The FTP layer is not something that is used by Joomla users, only by the Super Administrator that is installing the site.
So it isn't a specific extension that doesn't install properly. If you don't enable the Joomla FTP layer, then all of these functions are not working properly unless you CHMOD all of your files and folders to 777:
1) Media Manager upload / deletion / creation of folders and files
2) Install / Uninstall extensions
3) Edit your templates
4) All other things where you upload or edit files
I guess my question is: Isn't it a biiiig security risk to make all your files and folders writable?
Hey Austin Thanks for your
You bet its a big risk to make your files world writable. But more importantly it is a risk to make them writable by the webserver. An FTP connection sends your username and password in clear text, thus giving it to anyone who might be able to listen to your traffic, clearly a bad situation.
Here's our general rule that we try to follow. The JumpBox makes the app owned and writable by the admin user, and the group is set to the webserver, which typically only has read access. Then we determine the necessary exceptions to these rules for each app.
Since the admin user can typically write anywhere in the app directory, he can SSH or SFTP to the JumpBox to add plugins or make arbitrary modifications. For the rare cases the admin user doesn't have write permission, the admin can use sudo on the command line to make a change as the root user.
Any plugin or extension to Joomla (or any likely JumpBox that adheres to these rules) would install through the applications plugin manager fine as long as it doesn't overwrite existing files or directories. So, perhaps the reason it works well for my simple test of trying a random plugin but fails for you can be explained by that. Plugins that overwrite application files scare me.
I think we need to look at this FTP layer. I bet that I have simply failed to understand an important detail. I can probably install an FTP server that only listens locally (thus the FTP server is not accessible to the internet only accessible by Joomla locally.), which would make it vastly safer.
Thank you for having this conversation with me, I will look to see if its possible to make that work safely.
Austin
Hey Austin Thanks again for
Hey Austin
Thanks again for your quick answer, it's great support.
Yes, you are totally right that I install extensions that override older files. But that is not only the case with some plugins. It's also the case when I want to:
1) Upgrade Joomla (in my case from 1.5.10 to 1.5.12. I uploaded the upgrade package and that's the explanation on why some of the files changed permisisons).
2) Upgrade an extension (many extensions are made so you don't have to uninstall the older extensions first - like Chronoforms).
So there's some scenarios where you can run into problems with file permissions.
About the FTP Layer: It's a great thing because you don't have to worry about file permisssions. I guess it's pretty safe when most Joomla sites use it.
So then I have a question: What is the correct file permissions to give my files in the Joomla site? Right now most are 777, but other are not writable because I upgraded Joomla to 1.5.12.
Thanks again...
Joomla 1.5 permissions
Actually, that explains a lot, we don't support upgrade through the inplace Joomla upgrade mechanism. I am not saying you can't do it, but our supported upgrade mechanism is using our backup/restore tools and restoring to a newer version of the JumpBox. I am just saying, that by doing so, you are on your own. This is a perfectly acceptable use as far as I am concerned, it's just that at that point there isn't a lot of help I can give you since it is really no longer a JumpBox. I think we need to make the fact that you shouldn't use an applications in place upgrade more clear.
In cases like this, I will happily clarify facts about the JumpBox as it was shipped, but determining appropriate permissions when you make changes we can't anticipate is up to you since I don't even know what files you have. I will tell you how we set permissions ... if you look at /jumpbox/lib/appdata.yml there is a section that looks like this:
fileperms: xflist: [] rwlist: - config.php - ...The entries under xflist (empty in this case) are what we set as executable. The entries under rwlist are what we set as readwrite by the webserver user www-data. Everything else is rw by the admin, read by www-data, and read by others. But this list is only known to be accurate for the version of the application that shipped with this JumpBox. We have no way of knowing anything about versions of the application that are not yet released.
Austin
Okay, just to clarify: When
Okay, just to clarify: When I upgrade Joomla via SFTP, what happens? Do I loose Jumpbox behaviour?
I'm just thinking that all normal Joomla users are used to upgrading whenever there's a new upgrade. You always do this by uploading the new upgrade files via FTP. If that does something to the Jumpbox, then I think many Joomla users will go wrong in this.
I ONLY updated the files inside the joomla15 folder - nothing else..
Joomla 1.5 permission frustration
They won't go wrong if I don't install FTP to enable the FTP layer. But to answer your question, it depends on the upgrade and what has changed in Joomla. Its possible that our upgrade on restore functionality will fail, though it doesn't look like we do much in the case of a Joomla upgrade, so I guess the odds are pretty good that it won't break. Though we only test that scenario so I can't say with any certainty. Furthermore, Joomla may introduce something that does cause it to go horribly wrong. I cannot tell what they might do.
Other than possibly disrupting the upgrade on restore functionality, if the changes you make are isolated to the joomla directory, the other functionality should be fine. You should also be aware of how out backups function and what gets backed up. You should read the backup sections of the README that come with the JumpBox.
Austin
Okay.. thanks a lot. You've
Okay.. thanks a lot. You've been a great help!
I just think many users will download upgrade patches and upload then via SFTP then.
That's the way it's recommended on joomla.org (upload via your FTP client, being a SFTP or just a FTP connection). This hasn't got anything to do with the FTP Layer in Joomla. You can't update Joomla from the Joomla administration. THis has to be done via an FTP client outside of Joomla, and this is still possible even though it's an SFTP connection.
Joomla 1.5 permission frustration
This has been a good discussion.
For other readers who come across this I want to make a few things clear. There are more options than whats stated above. The recommended and supported upgrade mechanism for all JumpBoxes is to use the JumpBox backup/restore tool. By updating the entire JumpBox in the manner described by the link above you will receive both application updates as well as lower level operating system and service updates.
If you do decide to deviate from our recommended path and manually update the application on your own and the application changes significantly you may break the integration between the JumpBox and the application. This could lead to broken backup/restores, problems when IP addresses change, problems when you change the public address and very probably broken the JumpBox update on restore process. The more you upgrade the app, the increased likelihood that those integrations will break.
In the manual upgrade scenario you will also have to handle OS level updates yourself. System level updates can be done on any JumpBox using the Ubuntu/Debian standard process:
The first line updates the package lists and the second line will download and install the out of date packages. This should work in most cases and not disrupt and of the traditional JumpBox functionality, HOWEVER we do not systematically test or support or in any way guarantee that this will work indefinitely. The only supported update method at this point is through the JumpBox backup and restore tool as linked to above.
Austin
Joomla 1.5 permission frustration
I have just installed the free JoomlaPack extension successfully through the Extensions install menu in the Joomla 1.5 management interface on the Joomla15 1.1.10 JumpBox. I must misunderstand how people are trying to use this. For instance, I have also verified that every file under the /var/data/joomla15 directory, where joomla 1.5 is installed, is writable by the admin user, who you would login as using and SFTP program.
Let me know what I am misunderstanding and I will happily help.
Austin
Joomla 1.5 permission frustration
Hi,
Could you give me an example of an extension you are trying to install and what you are doing to try and install it? We want to make the user experience for these sorts of things as painless as possible. Unfortunately using FTP is incredibly insecure for any site that is actually connected to the internet. I am convinced that providing FTP would be doing a tremendous disservice to our users. I would rather make modifications or providing instructions that help our users safely and effectively use the JumpBox.
Austin
A minor example of the problem
This is an example of a minor annoyance caused by file permission issues when using JumpBox for Joomla! 1.5.17. Other users have had much worse problems, from what I hear.
I installed a new template into my JumpBox Joomla. I did this the usual way: log into the Joomla administrator backend interface, go to the Extensions menu, select Install/Uninstall. There is an upload field, and I click Browse... and choose the template zip file on my hard drive. I click Upload File & Install. Joomla tells me the new template was installed successfully.
(I realize this is excessive detail, but I figure that's better than not enough detail.)
Now I want to edit my new template. I select Template Manager from the Extensions menu. I click on the name of the template from the list. The editing options are displayed, and under Parameters, I see a message telling me that the parameters file for this template is *unwritable!* in frightening red text!
How can I change the template settings if the parameters file is unwritable? Many users may give up at this point. But what makes this only a minor frustration is that if I go ahead and change the parameters anyway, and click Save, Joomla saves the changes successfully even while continuing to tell me it can't write to the file. Weird!
The same thing happens when I try to edit the CSS files for this new template. All the CSS files are labeled "unwritable" by Joomla, yet it succeeds in writing to them nevertheless.
I don't know what would cause Joomla to say the files are unwritable when they're not, but that's what happens whenever I install a new template into my JumpBox Joomla.
permissions
OK guys here goes.. I am a newbie here.. I am running the Joomla Jumpbox and I have installed the Phoca Gallery and using the Plugin for Cooliris and it wants me to put a file in the ROOT dir of the webserver.. and I am having trouble because it tells permission denied. cannot copy file to dir. using sftp under /var/www/ which I presume is the root of the websrver? again please forgive me I am just learning this . so if some one can help me to change the permissions so I can put the required file there to make the gallery work I would appreciate it