• 1

Read this first!

We do not monitor these forums. The forum is provided to exchange information and experience with other users ONLY. Forum responses are not guaranteed.

However, please submit a ticket if you have an active subscription and wish to receive support. Our ticketing system is the only way of getting in touch with RSJoomla! and receiving the official RSJoomla! Customer Support.

For more information, the Support Policy is located here.

Thank you!

TOPIC: Hiding configuration.php in nonpublic directory

Hiding configuration.php in nonpublic directory 9 years 4 months ago #10553

  • jwhite47
  • jwhite47's Avatar
  • OFFLINE
  • Fresh Boarder
  • Posts: 7
Hi Guys!,

Having issues hiding configuration.php in a nonpublic directory in Linux for Joomla? Problem in most cases is because by placing the file within a folder behind the public directory violates an open_basedir restriction. The solution to this depends on how much access you have to your web server, if you are using some cheap shared hosting then this solution might not be best for you because you would need access to the /etc/httpd/conf.d/ directory; this solution is more for someone with a dedicated Linux server or Linux VPS.

Solution:
1) Log into Linux webserver with root access by using the su command and root password
2) Create the folder named “nonpub” with the command “ mkdir” outside of your public directory.
IE: If your public directory is /var/ww w/vhosts/yourdomain.com/httpdocs/ then the nonpub directory should look like this /var/ww w/vhosts/yourdomain.com/nonpub/
3) Copy your configuration.php file to the nonpublic folder and ensure it’s permissions are read only by typing the command: chmod 444 configuration.php
4) Create 2 folders within the nonpub folder, tmp and logs
5) Run the following command on the nonpub folder which will grant apache ownership to it and the contents: chown 48 nonpub (make sure you are not within the directory when typing this command else you will get an error like cannot find file or folder)
6) Time to configure Apache, navigate to the directory /etc/httpd/conf.d/
7) Type the command: vi zzzopenbasedir.conf
8) Now you are in a blank document within VI, if you don’t know VI its easy to use, you can find a cheat sheet here: http://www.lagmonster.org/docs/vi.html
9) Enter the following lines into your new document and of course modify the paths to reflect what you have within your server (if you are not sure the path go to the folder and type pwd to get the present working directory):

SIDE NOTE: the 1st line below should only be used if you trust all users otherwise you will need to modify the (.*) to what vhost you are setting this up for.
<DirectoryMatch /var/www/vhosts/(.*)/httpdocs/>
         php_admin_value open_basedir /var/www/vhosts/yourdomain.com/httpdocs:/var/www/vhosts/yourdomain.com/nonpub/tmp/:/var/www/vhosts/yourdomain.com/nonpub/logs/:/var/www/vhosts/yourdomain.com/nonpub/
</DirectoryMatch>

10) The above code will grant your tmp folder, log folder and nonpub to be unrestricted to open_basedir. Save your document by pressing ESC button then :w to write then :q to quit
11) Now you need to modify BOTH your defines.php files; within your public directory. One can be found in /includes/ and the other can be found in /administrator/includes/
12) Change the permissions of defines.php to 777 by typing the command: chmod 777 defines.php
13) MAKE A BACKUP OF THE FILES: cp defines.php defines.bak
14) Edit the file with VI by typing the command: vi defines.php
15) Find the code “define( 'JPATH_CONFIGURATION', JPATH_ROOT );” and replace it with the following:
define( 'JPATH_CONFIGURATION',    JPATH_ROOT.DS.'/../..'.DS.'nonpub' );

16) Change the permissions back to 644 by typing the command: chmod 644 defines.php
17) Nearly done, just restart apache by typing the commands:
/etc/init.d/httpd stop
/etc/init.d/httpd start

18) Within Global properties of Joomla change your log folder to:
/var/ww w/vhosts/yourdomain.com/nonpub/logs/
19) Within Global properties of Joomla change your tmp folder to:
/var/ww w/vhosts/yourdomain.com/nonpub/tmp/


If this does not work for you then revert all changes and restore the backup file. IF it does work then DELETE the configuration.php file in your public directory.

This worked for me, Good Luck!

John.
Last Edit: 9 years 4 months ago by jwhite47. Reason: revised
The administrator has disabled public write access.
  • 1

Read this first!

We do not monitor these forums. The forum is provided to exchange information and experience with other users ONLY. Forum responses are not guaranteed.

However, please submit a ticket if you have an active subscription and wish to receive support. Our ticketing system is the only way of getting in touch with RSJoomla! and receiving the official RSJoomla! Customer Support.

For more information, the Support Policy is located here.

Thank you!