Mar 20


One question that comes up is why we don’t support Joomla!’s native “FTP” mode within the Intellispire Software Installer.  The answer is complex, and requires an understanding of what FTP mode is, what problem it intends to solve – and what problems it has created for webmasters.

First, let’s start with Basic Linux Permissions

“Stock” Linux has a deceptively simple permissions structure, based on users, groups, and file permissions. Given a specific user account, and the group it belongs to, each file is allowed to be (or not to be) read, written or executed (rwx). Directories / folders are a little different, with the “execute” permission meaning something different (the ability to access the files in that directory).

Let’s throw in a little complexity. Every program running on a Linux box is run under a user account. Thus your webserver is running as a specific user, maybe “apache” or “httpd”. Note these are user accounts, not actual people.

As a special and extremely confusing case, sometimes webservers run under the user account “nobody”. This doesn’t really mean there’s not an account, it means the account’s name is “nobody”. It makes sense only to a geek.

Users and Permissions

In addition to each program running as a specific user, each file is owned (belongs to) a specific user as well. In general, the file is owned by the user that created it.

The owner has the ability to allow or deny read / write / execute access to the owner of the file, the group that file belongs to, or “other” (other means  everyone else).

Admittedly the above is an over-simplification. If you need more detail, try a web search on “unix permissions”.

Let’s try to put this all together: your webserver (the program that serves your web pages, which are files) must have, at least, READ access to ALL the files that it is going to serve (otherwise you get a “Permission Denied” when you try to access the page).

YOU (the user) must also have access to read … and most likely to write the files in your account, so you can update your website. Your credentials (user account) come into play when you log in to your account … using FTP, telnet, or ssh, for instance. FTP is the most common case.

When you FTP to your account, the files you create (upload) are then marked as owned by you / your account. So far, so good.

But when the webserver itself needs to upload a file (let’s say you use Joomla!’s image manager, or you are installing an extension), the files created are owned by the account the webserver is running under – this is usually not your account.

So what ends up happening is that you get a lot of files on your server that you can’t FTP and access, because you don’t own them. Or, possibly, the webserver itself can’t overwrite the files because you own them.

The bottom line issue is that your web-applications can’t write files “you” created (via FTP), and that you can’t write the files the webserver created.

Hence, things break.

Especially software like the Intellispire Software Installer, which is designed to overwrite and update files. In this situation, it simply can’t work and your site will most likely break eventually, if you can even install anything at all.

This is a tough, sticky problem that plagues many web-based applications, especially those running on shared servers where you only have limited access to the files.

Since this is a common problem, there have been many solutions created, as you can imagine.

RWX – everything “777”

The most common one is when instructions tell you to change the permissions of files to “777”. What this means is to give EVERY ACCOUNT full access (read, write and execute) to every file.

This certainly “solves” the problem, because now every account on the server you share has access to every file, no matter what program they are running. Including the spammer in the “next account” over. If they can find any security hole at all, your site is toast.

Another side effect is that new files created by the webserver may not have full permissions, so you still run into times when you can’t delete files that have been created, for example, an image you uploaded using a web-based tool.

I particularly dislike this solution because non-program files should NEVER be set with the “execute” bit set, as this will allow a hacker who can deface your site to potentially also run the interpreter of his choice. Just overall, a bad solution.
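The ownership mismatch and the “777” side effects described above can be checked from a shell. The following is an added example, not part of the Intellispire installer or Joomla!; the function names are made up for illustration, and the web root path and account name are arguments you supply.

```shell
#!/usr/bin/env bash
# Added example: audit a web root for the permission problems described above.
# Usage (path and account are placeholders): ./audit.sh /path/to/webroot youraccount

# Files or directories that ANY account on the server can write to ("777"-style).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Regular files with any execute bit set, e.g. an uploaded image left at 777.
executable_files() {
    find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print
}

# Entries not owned by the expected account; on a non-suexec host these are
# typically files the webserver user ("apache", "nobody", ...) created.
foreign_owned() {
    find "$1" ! -type l ! -user "$2" -print
}

# Print a short report: a count per category, then the offending paths.
audit_webroot() {
    local root=$1 owner=$2 list
    for check in world_writable executable_files; do
        list=$("$check" "$root")
        printf '%s: %s\n' "$check" "$(printf '%s' "$list" | grep -c . || true)"
        [ -n "$list" ] && printf '  %s\n' $list
    done
    list=$(foreign_owned "$root" "$owner")
    printf 'foreign_owned: %s\n' "$(printf '%s' "$list" | grep -c . || true)"
    [ -n "$list" ] && printf '  %s\n' $list
    return 0
}

# Run only when both arguments are given, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    audit_webroot "$1" "$2"
fi
```

The report's path listing splits on whitespace, so paths containing spaces print on several lines; the three `find` functions themselves are unaffected.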

Owned by Apache

The next solution is to make sure that every file is owned by the webserver. This is a little more secure, because while everyone on the server can write scripts that could potentially access your files, they have to break out of the webserver’s security context first.

And it is a good solution for a dedicated server, where you don’t have multiple web accounts on the system.

In this mode, you use ONLY web-based tools (like eXtplorer – or your control panel’s) to manage your files. You never use FTP (or maybe just once to install the eXtplorer, then set the file ownership), so every file is owned by the webserver, and things just work. This can usually be done on most virtual accounts, too.

PHPSuExec – the best shared hosting solution

PHPSuExec modifies your server configuration so that PHP is no longer run “inside” the webserver, but as a program outside of it. Thus it has a chance to “change identities” before it accesses your files.

What this means is that your programs are now run under your account name. In this case, you can use FTP as much as you want, change files from web-based apps, and things pretty much just work. There are a few side-effects of this mode.

* PHP is running in CGI mode – some scripts don’t like this. While a problem a few years ago, most scripts have been fixed to handle this mode fine.

* It is a little slower. Again, a few years ago I’d say this is a big drawback, but today, your bottleneck will be someplace other than CPU – and if you need more power, you can get a bigger hosting account or a dedicated server.

* One big advantage is each account can have its own php.ini configuration file. This means you don’t have to share your settings with other people on the server. That’s a big deal when you start running complex web applications.

Most name brand hosting services, including Hostnine, Hostgator and GoDaddy run PHP in this mode, so it is well documented, well understood, and generally just works with most software.

This is the mode that is supported, recommended, and tested with the Software Installer for Joomla! If your ISP is NOT running phpSuExec, ask them to upgrade you. If they don’t / can’t, get another hosting provider!

The Joomla! “solution”?: FTP mode

Faced with a growing number of incompatible, cheap web-hosts, the Joomla team decided to fix this problem themselves. They realized that, in the standard configuration, while the webserver may not have access to write the files, you could (usually) FTP in and make the changes you needed.

So FTP mode was born.

Basically, it takes any file that needs to be written, stores it in memory, then runs its own internal FTP program to connect back to the server and FTP the file into place. If you think this sounds a bit convoluted, you are right.

A decent solution, except ….

* it’s a resource hog, and slow as all get out. I’m not talking drumming your fingers for a few seconds, I’m talking about a test where a standard update takes about 4 seconds, FTP mode required over 20 minutes to run. This causes apache “timeout” errors, and can easily break your site when some files are updated, others aren’t.

* It’s a resource hog. All files that it needs to write are first stored in memory. You are likely to run out of memory during many large operations.

* changes to the unzip / untar libraries (presumably to support FTP mode) [extracting files to memory rather than to disk] broke them. [Note: the libraries may be fixed by now, I haven’t checked: we include our own working extraction libraries with the Installer.]

* Many extensions, and ALL legacy extensions written before Joomla 1.5, simply ignore FTP mode anyway, and fail if it’s required. Or do other weird things.

So, while FTP mode can be used in some situations, for example, to update your configuration file when there are no other viable options, it should not be used for installing programs or running non-trivial extensions.

My personal opinion is that introducing FTP mode in Joomla 1.5 was a mistake. It clouds an already complex issue (that can be solved in much better ways) with another layer of complexity and potential failure point, that Joomla! has to then try to support. I’d rather see resources be put into other areas, like decent group support, or Joomla! 1.6.

The bottom line is that FTP is just too slow and unstable for large operations, and updating the Joomla! Core is definitely a large operation!

That is why we don’t support FTP mode, and strongly suggest that you run your sites using phpSuExec. You can get great hosting for under $10 per month that supports phpSuExec, all day long, from many providers.
