Online Chat
 Call Us: 
1-877-744-1221
Browse Submit a Ticket
 
Advanced Search
Tools
Rss Categories

 Featured
Setup correct files and folders access permissions efficiently

Author: Edward Hardin Reference Number: AA-00427 Views: 35736 Last Updated: 06/16/2017 01:21 PM 0 Rating/ Voters

This guide helps you setup correct access permissions for files and folders efficiently


Windows + IIS

Applies to Windows XP, 2003, 2008, 2013 or newer with IIS6, IIS7, IIS8 or newer installed.

This example has been performed on Windows2003 + IIS6. It works for other versions of Windows, but appearance of permission configuration windows may vary.

During installation

When you're asked to set write permissions during the initial setup, we would recommend to set write and modify permissions to all KMP files. Don't be afraid about security you will remove most of them after installation.

  1. Right-click on the folder that contains all KMP files.
  2. Select "Properties".
  3. Click on the "Security" tab. If you do not see it, you probably do not have enough rights to change file permissions, so please contact your system administrator.
  4. When you install IIS, it adds a user to the system which permissions define access level for web applications. By default it is Internet Guest Account (or IUSR_MACHINENAME, you can see that on the screenshot it is IUSR_IIS6 since the IIS6 is the server name). You need to grant Internet Guest Account with modify and write permissions.



    If granting permissions to this user doesn't help, try to grant permissions to the "Users" user group. That should work. 

  5. After this you can proceed with the installation of KMP and finish it.


Windows XP

In Windows XP you have simple file sharing enabled by default. You need to disable it in order to change file and folder permissions.

  1. Go to My Computer.
  2. Click on the Tools>Folder Options menu item.
  3. Select the View tab.
  4. Under Advanced settings, scroll down to the bottom and uncheck Use simple file sharing (Recommended).
  5. Click Ok.

After installation

  1. Delete the /admin/install/ folder. It is no longer needed and may be a security threat if you'll leave it as it is after installation.
  2. Open the security properties of the folder that contains all the KMP files once again.



  3. Remove modify and write permissions from Internet Guest Account.
  4. Login to the KMP.
  5. Go to Administration > General Settings > File Permissions.
  6. You will see that KMP asks you to give it write permissions to several folders.



  7. Open properties of each folder from this list and add write and modify permissions for Internet Guest Account.



    If granting permissions to this user doesn't help, try to grant permissions to the "Users" user group. That should work.
  8. Click "Recheck" to be sure that everything is set up correctly.


Windows + Apache

This example has been performed on Windows 7 + Apache. It works for other versions of Windows, but appearance of permission configuration windows may vary.

During installation

Apache generally runs on the host computer as the User that it was installed under. So when you launch the installation you will see that KMP has writable access to all files.


So you do not need to do anything about it right now.

After installation

After installation you need to remove write access from most KMP files.

  1. Delete the /admin/install/ folder. It is no longer needed and may be a security threat if you'll leave it as it is after installation.
  2. Launch the Task Manager (you can use the Ctrl-Shift-Escape combination for that)



  3. You can see that Apache runs under SYSTEM user (this user name may be different on your server). Open the security properties of the folder that contains all the KMP files and click the "Edit" button.



  4. What you need to do is deny SYSTEM user write access to main KMP folder. This denial will be inherited by all child files and folders. Click on checkbox like shown on the next screenshot and click OK.



  5. Login to the KMP.
  6. Go to Administration > General Settings > File Permissions.
  7. You will see that KMP asks you to give it write permissions to several folders.



  8. Open security properties of a folder from this list, for example "attaches". Click "Advanced" and then "Change Permissions...".




  9. Uncheck the "Include inheritable from this object's parent". You will get a confirmation window.



  10. Click on the "Add" button to copy permissions from parents to this folder.
  11. Remove the entry that denies write permission for the SYSTEM group.



  12. Click OK in each dialogue window.
  13. Perform 8-12 steps for each folder listed here:
    admin/attaches/
    admin/media_store/
    admin/systembackups/
    admin/tmp/
    admin/update_pool/
    hosts/hosted/
  14. After that you can go  to Administration > General Settings > File Permissions and see that you need to remove write permissions from the hosts/hosted/.htaccess file. Remove them and click "Recheck" in KMP control panel, you will see that all permissions are set correctly.



Linux/UNIX

During installation

  1. Open shell session with the server where you've uploaded KMP.
  2. Go to the folder that contains all KMP files.
  3. Run the following command to grant KMP with write permissions to all necessary files.
    chmod -R 777 admin/attaches admin/media_store admin/systembackups admin/tmp admin/update_pool hosts/hosted
    chmod 666 admin/config.inc.php index.php .htaccess admin/.htaccess hosts/hosted/.htaccess hosts/preview/.htaccess sitemap.xml sitemap.xml.gz

After installation

  1. After installation you can remove some write permissions that are not needed anymore: 
    chmod 644 admin/config.inc.php index.php .htaccess admin/.htaccess hosts/hosted/.htaccess hosts/preview/.htaccess
  2. Delete also the /admin/install folder.
chmod 777 or chmod 755

Note that chmod 777 is not a must, you can use chmod 755, but first you need to run chown command to make Apache the owner of those files.
Go to the folder with all KMP files and run the following command.

chown -R www-data:www-data ./

Usually Apache runs as www-data user, but it may be different on your server.

Unix/Linux without shell access (setting permissions with FTP software)

If you're setting permissions using your FTP software, note that most FTP clients allow setting permissions in a file properties window, which can be opened by right click on the file and choosing "Properties" or "Settings" item in pop-up menu. FTP clients usually use the same file permissions scheme as Linux/UNIX shell does.

During installation

Folders that require write permissions (chmod 755 or chmod 777):

  • /admin/attaches
  • /admin/media_store
  • /admin/systembackups
  • /admin/tmp
  • /admin/update_pool
  • /hosts/hosted

Files that require write permissions (chmod 644 or chmod 666):

  • /admin/config.inc.php
  • /index.php

After installation

Remove write access for the following files (chmod 444):

  • /admin/config.inc.php
  • /index.php