TOPIC: installed with error - now can not uninstall - whole site down

whole site went down when I tried to install new component comment. At first I did not have permissions on my duirectories set properly - so I went back in and set to 777 most of them... it seemd to install but then there were errors - but it allowed the install anyhow - I wish I had printed that page to tell you what the errors were - so I tried to uninstall and it does the following and now the site is down. Its jsut a test site for now though.

Warning: require_once(/home/hatcom/public_html/components/com_comment/joscomment/utils.php) [function.require-once]: failed to open stream: Permission denied in /home/hatcom/public_html/administrator/components/com_comment/class.config.comment.php on line 118

Fatal error: require_once() [function.require]: Failed opening required '/home/hatcom/public_html/components/com_comment/joscomment/utils.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/hatcom/public_html/administrator/components/com_comment/class.config.comment.php on line 118

Hey there eric.
For some reason the system can not find:
'/home/hatcom/public_html/components/com_comment/joscomment/utils.php

is this file really there?

yes - see www.husbandsagainsttwilight.com

Ok, what is the matter with your site? 404 component not found? You don't use joomlacomment as the start page, do you? You should use the frontpage component for start page.

If you have a decent, up-to-date and professional webhost which runs PHPSuExec (it allows the PHP process to run as root instead of "nobody" and works best for complex PHP sites like Joomla), and set your directory CHMOD to 777, you will always get errors as it's a MAJOR security risk. Only set the "public" and "non-system" folders such as media, tmp and logs to 777 in this case. The Joomla documentation specifically recommends that Dir/Files be CHMOD to 755/644 respectively.

that is the error now since I installed the component. Its wierd. I tried to disable the component as well - still no joomla site - but the administration areas work perfectly...

this is the error I get from the joomla admin area when trying to uninstall the component. Is there any other way to do it at this point - the site frontend died when we installed this component.


Warning: require_once(/home/UID/public_html/components/com_comment/joscomment/utils.php) [function.require-once]: failed to open stream: Permission denied in /home/UID/public_html/administrator/components/com_comment/class.config.comment.php on line 118

Fatal error: require_once() [function.require]: Failed opening required '/home/UID/public_html/components/com_comment/joscomment/utils.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/UID/public_html/administrator/components/com_comment/class.config.comment.php on line 118

SOLVED:

I talked my webhost into changing the entire webroot directory tree for the joomla site owner to "nobody/nobody" - the site instantly sprung to life from the front end. I was then able to uninstall the component from the backend successfully.

I then tried to reinstall to clear up any issues from before but the jftp was no longer able to function now due to the ownership changes - ftp will not work now - HOWEVER - I quickly went to Joomla Global Config and switched joomla ftp layer OFF.. then it installed like magic - as though nothing was wrong at all..

By the way - when I am typing in this response on this website - the right site of the page is a joomla blog roll list on what looks to be 8-news or somehting in the url for the module... anyhow the text I am writing and the form is covered partly by this module... its a bit annoying to look at... here is a screen print..

You asked your webhost to change the owner of your entire website to nobody/nobody?



No offence, but I think you really need to read the Joomla documentation at least once. Oh - and it'd be smart to remove the link you have to your website in your post above, regardless CompoJoom won't be held responsible for any hacking that's inevitably going to take your site down.

instead of mocking me for not understanding how to fix an issues after having posted to these forums for a couple of days and trying to figure out a solution that actually worked to uninstall the blasted thing then reinstall it properly given the webhost envorinment which I must use - perhaps you could be more tactfull by explaining why you dont feel my solution that worked for me is a wise move - and I could then understand... if you dont have the time to teach me that is OK - perahs a friendsly link to relevent sections of the setup guides or other websites which talk about this topic "nobody" ownership in the webroot and how it might affect me would be helpful to me as well as others like me who might run into the same problem...

I did ask the webhost about the PHPSuExec, however they are unable to configure the servers with this - I do not insult their ability to host or otherwise - I take what they offer and they have offered a lot to me... This is the envoronment which I work in and must figure out how to get your code to work under - mind you I have never had any problems with any other joomla component in the past - just this one... I have joomcomment installed in several other sites without a hitch - all hosted on same environment - so I am not sure what changed with the new releases or with the new joomla - but it killed the site when I installed as I mentioned above... now its working fine with my "solution" work around - and everything else is working fine as well...

If there are major security holes - I can simply change owner again when I am done with the configuration side of things... still - this is the only component I had this issues with that was marked as stable.

Touche. Sorry for being a jerk, I understand you just wanted it to be working is all.

Well I had a quick look around and thought it'd be best to just point you towards the official Wiki, the 'Joomla Security Checklist' specifically. Ideally one would consult this before choosing a webhost... regardless, it does have a lot of handy tips and steps that all the top builders out there read every time they build a site

docs.joomla.org/Category:Security_Checklist

Do what you can and you should be fine

Yep - I looked over that checklist several times after your comment prior... seems to have a lot of what I have read in the past... still not understanding the nobody conflict - I actually see a lot of webhosts and project owners for sites other than joomla recommend doc root be set as such.. then specific ownerships from there where needed... obviously the 777 permissions are to be reset to the recommended joomla settings of 755/644 or whatever it is... but I was simply testing, building a new site and adding new things... when we are done building we'll begin locking it down...

thanks for the link though... if you have any ideas on the nobody/nobody issues - I googled the snot out of it and foind not much about it...

also - the ads and right side of the page collumns on this site are still overlapping th top of the reply form I am typing in now... it hides part of the text as I type a response and is a bit hard to figure out if there is a typo or something under it before I hit submit...

Yeah, I spent a good few days researching the permissions stuff. I am lucky I happened to have chosen a host that used SuPHP before I even knew what it was for

The only issue with system files of Joomla being CHMOD 777 is that, if there is a "hole" in any Joomla system files, it could be more vulnerable to an XSS attack or other form of code injection as it's an easy entry point for such activity. The fact that all this is open source makes it a haven for script kiddies to get-off on. But there are apparently quite a few sites that have a global 777, and they 'fake' their own security by making it look like as far-away-as-possible-as-Joomla as they can (including renaming the administrator folder for example, and removing Joomla branding from templates, and the HEAD generator=Joomla tags with sh404SEF).

I'd like to personally recommend the Joomla extension GuardXT . With the FTP Layer enabled in Global Config, it does a pretty good job of automagically adjusting your permissions - or alterantively, it can just check your site status and let you do it all manually with the status/logs as a guide.

Yeah, I think the template problems on this site are related to the Kunena template. I will disable my Adblock extension (*gasp*) and maybe take a crack at it with Firebug, thanks for the reminder.

EDIT: I just did some extra reading, and I think I learnt something - the FTP owner of nobody/nobody doesn't seem to be a security issue at all actually. But it may cause "too-restrictive" security in the event of trying to modify the installation. However, I imagine that with the FTP Layer enabled in Joomla, that is of no concern - as long as the account assigned to said FTP layer Joomla is using has max access rights (via cPanel or whatever), it can modify everything. Hope that makes sense.

EDIT2: Here's something interesting:

PHP scripts here run as the apache user ("nobody" in this case) not as your user account. This is because PHP is run in mod_php mode. This means that when you upload a file through HTTP (ie through a web form), or your web program creates a file on the server that file will be owned by the user called "nobody". This can create problems when you want to delete, rename, copy, move or edit the file later through FTP, SSH or SFTP because you are not the user "nobody" and thus probably don't have the correct permissions.

Since your webhost runs Apache and PHP as nobody, I really can't suggest anything and I am unsure how good or bad it could or could not be Although I did find another enlightening article worth a read.