Date: Sun, 28 Jan 2018 19:48:20 +0100 From: Per olof Ljungmark <peo@nethead.se> To: freebsd-ports@freebsd.org Subject: Re: daily security run output and joomla3 Message-ID: <f6c28c76-156a-37fe-d0b2-644a8d9d4882@nethead.se> In-Reply-To: <20180128183100.itrn2rpc3edsmhfw@ivaldir.net> References: <BN6PR2001MB17305EA8F53CFD1FC963957580E60@BN6PR2001MB1730.namprd20.prod.outlook.com> <20180129.025651.1943739201262226813.yasu@utahime.org> <20180128180456.wle3ydeqhshspq6y@ler-imac.local> <20180129.032722.1649622669605796083.yasu@utahime.org> <20180128183100.itrn2rpc3edsmhfw@ivaldir.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 01/28/18 19:31, Baptiste Daroussin wrote: > On Mon, Jan 29, 2018 at 03:27:22AM +0900, Yasuhiro KIMURA wrote: >> From: Larry Rosenman <ler@lerctr.org> >> Subject: Re: daily security run output and joomla3 >> Date: Sun, 28 Jan 2018 12:04:56 -0600 >> >>> But as the OP notes, the joomla3 instructions *REQUIRE* >>> removal of the install directory for security reasons, so >>> I understand where he is coming from. >> >> Do you mean that all installed file must be removed? If so, what about >> simply deinstalling joomla3 package after instructions are finished? >> > > Does changing the owners of the directory to nobody helps? joomla (www users) > might not be able to read it The trick we use here is to keep the original www/joomla3 directory from the ports install untouched, copy its contents to vhosts/<webroot> and serve the sites(s) from there. Then one can use other means/software to keep track of possible altered files. //per
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f6c28c76-156a-37fe-d0b2-644a8d9d4882>