Prestashop 1,7 security

May 13, 2018
Apache Security Debian

Hello,

This is the first time I need to administer a webstore server and I have a question. The CMS that I use is Prestashop 1,7, the OS is Debian 9 and the webserver is Apache. The owner of the site folder and all subfolders is a system user and the group is www-data. I run it on my VPS with full root access. Everything works perfectly, but I have one security thought. For some folders (especially cache folders) Prestashop wants full rights: read, write and execute. It looks a bit risky to me - in case of any exploit, an attacker can upload and execute scripts on my server. When I try to give folders only read and write rights, the CMS doesn't work - it causes an HTTP 500 error or generates blank pages. Is it normal that Prestashop needs all rights to some folders or is it my mistake in configuration?

I can add that I use AppArmor, but still I would prefer not to give the webserver full rights to the folders.

2 Answers

@MC777

Only your webserver user needs write permissions to the cache folder and other related folders, so you need to recursively set the owner to www-data using this command:

sudo chown -R www-data cache

Then grant full owner permissions using this one:

sudo chmod -R 755 cache

I hope it helps.

Hello, thank you for the reply. Your tip is very similar to my present situation. I have a system (non-root) user who recursively owns /var/www/mysite and www-data is set as the group for this directory. CHMOD for the whole /var/www/mysite directory recursively is 750, except those cache folders where I must set CHMOD 770. That gives the webserver user full rights to some directories. Isn't it a security issue?
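
The permission layout discussed in this thread, as an added example that is not part of any post above: it sets directory and file modes separately (on a directory the x bit only allows traversal) and audits the result. The function names, the `var/cache` path and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Layout assumed from the question:
# site tree owned by a system user, group www-data, cache dirs group-writable.
# On a directory the x bit means "may traverse / look up entries", so 770 on
# a cache directory does not make the files stored in it executable.

# apply_modes SITE_ROOT [CACHE_DIR...]
# Site tree: dirs 750, files 640. Cache trees: dirs 770, files 660.
apply_modes() {
    root=$1; shift
    find "$root" -type d -exec chmod 750 {} +
    find "$root" -type f -exec chmod 640 {} +
    for cache in "$@"; do
        find "$cache" -type d -exec chmod 770 {} +
        find "$cache" -type f -exec chmod 660 {} +
    done
}

# audit_modes SITE_ROOT
# Lists regular files carrying any execute bit and anything accessible to
# "other". Returns 0 when nothing is found, 1 otherwise.
audit_modes() {
    findings=$(
        find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
            | sed 's/^/exec-bit-on-file: /'
        find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) \
            | sed 's/^/other-access: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# demo: constructed sample tree with blanket 777 modes, audited before/after.
demo() {
    site=$(mktemp -d) || return 1
    mkdir -p "$site/var/cache/prod" "$site/classes"
    : > "$site/index.php"; : > "$site/var/cache/prod/compiled.php"
    chmod -R 777 "$site"
    echo "before:"; audit_modes "$site" || true
    apply_modes "$site" "$site/var/cache"
    echo "after:"; audit_modes "$site" && echo "clean"
    rm -rf "$site"
}
demo
```

PHP scripts served through Apache need only read permission, so these modes limit who can write and traverse; whether a file in a writable directory is interpreted is decided by the web server configuration, not by chmod.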
