
TOPIC: LAMP/webtrees Directory Structure

LAMP/webtrees Directory Structure 1 year 3 months ago #1

  • jda8818
By default, Apache2 looks to find an index (.html, .php, .etc) file in the /var/www/html folder. This allows the user to simply enter the domain name in his browser and bring up the program that resides there. Why does webtrees move everything down one level to the /var/www/html/webtrees folder? Maybe to allow other applications to reside there at that level?

Security concerns prompt this question.

Thanks in advance for any comments,

jda8818

LAMP/webtrees Directory Structure 1 year 3 months ago #2

  • fisharebest
> Why does webtrees move everything down one level to the /var/www/html/webtrees?

If webtrees is installed in a "webtrees" subfolder, that's because you copied the files there...

It's equally happy in the root folder. Just move everything up a level.

> Security concerns prompt this question.

In general, you don't want to have your application files available to the outside world. "Best practice" is for an application to have a "public" folder, and configure your webserver to connect the domain to this folder.

However, in this case, it's not really an issue as all our code is open source. If someone wanted to find the source code, it's published on github.com....

The only folder where we keep "private" data is "data/" - and this has a .htaccess folder. If your server doesn't support .htaccess files, then webtrees has configuration options to move this elsewhere.

If you've found a specific vulnerability, you might want to contact me directly.
But for general questions and discussion, ask here on the forum.
Greg Roach - fisharebest.webtrees.net

LAMP/webtrees Directory Structure 1 year 3 months ago #3

  • jda8818
Wowser! A reply in 8 (eight) minutes ... Many thanks for your comments Mr. fisharebest. I'm asking simply because I'm trying to understand the security implications of the structure, the .htaccess file options, etc., etc. I wouldn't want a user changing directories, listing files, downloading files, or mucking around trying anything fishy. I'm running a LAMP server (16.04) on my local network and practicing prior to putting a 5.1 (FTM 2017) file (28,000 individuals) up on Digital Ocean where I have an account. I may put it somewhere else. I'm helping the originator of the file who is 86 yrs and having trouble with his memory so I don't want to make any unnecessary mistakes. It's not mine to mess up.

BTW, your software worked on the first try although for some reason I had to sftp the gedcom file to your /var/www/html/webtrees/data folder.

On the next run I'll put everything up one level. Thank you once again for your interest,

jda8818

LAMP/webtrees Directory Structure 1 year 3 months ago #4

  • fisharebest
> I'm trying to understand the security implications of the structure, the .htaccess file options,

All your files that may contain personal/private data are in the folder /data

To test whether privacy is working, try to fetch URL <yoursite>/data/config.ini.php.

If you get a 403/not-allowed error, then the .htaccess is working.
If you see a ";", then you'll either need to enable them or move the data to a private folder.

> although for some reason I had to sftp the gedcom file

By default, PHP allows file uploads to a maximum of 2MB. Was your file larger than this?
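The check described in the post above, written as a script. This is an added example, not part of the original thread or of webtrees; the function names and the placeholder host are assumptions, and anything other than a 403 or a ";" body is reported as inconclusive.

```shell
#!/bin/sh
# Added example: classify the response to GET <site>/data/config.ini.php.
# Per the thread: a 403 means the .htaccess in data/ is being honoured;
# a body that starts with ";" means the file is being served to the world.

# classify_response STATUS BODY_FILE -> prints protected | exposed | inconclusive
classify_response() {
    status=$1
    body_file=$2
    # First non-whitespace character of the body (empty if there is no body).
    first_char=$(tr -d ' \t\r\n' < "$body_file" | cut -c1)
    case $status in
        403) echo protected ;;
        200)
            if [ "$first_char" = ";" ]; then
                echo exposed
            else
                echo inconclusive   # 200 but not the ";" the thread describes
            fi ;;
        *) echo inconclusive ;;     # 404, redirects, timeouts: check by hand
    esac
}

# check_site BASE_URL -> fetch the file with curl, print and return the verdict.
check_site() {
    base_url=${1%/}
    tmp=$(mktemp) || return 2
    status=$(curl -s -o "$tmp" -w '%{http_code}' "$base_url/data/config.ini.php")
    verdict=$(classify_response "$status" "$tmp")
    rm -f "$tmp"
    echo "$base_url/data/config.ini.php: HTTP $status -> $verdict"
    [ "$verdict" = protected ]
}

# Usage: sh check_data.sh https://example.org   (placeholder host)
if [ $# -ge 1 ]; then
    check_site "$1"
fi
```

Run it from a machine outside the server so the request takes the same path a visitor's would.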

LAMP/webtrees Directory Structure 1 year 3 months ago #5

  • jda8818
OK, I'll check it out and yes, the gedcom file was 18.8MB

Thanks again,

jda8818

LAMP/webtrees Directory Structure 1 year 3 months ago #6

  • jda8818
OK, my site is up and running on Digital Ocean, but I'm getting the ; (semicolon) when trying to fetch <domain_name>/data/config.ini.php. I have reset the permissions back to 755 on the /data folder after having to set them to 777 in accordance with your preliminary instructions. I'm looking at the John Doe tree and I can log in as an administrator.

Looks like I need to enable the .htaccess system for the /data directory. Looking at /etc/apache2/apache2.conf I find that:

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

So I need to replace 'None' with 'All' and restart I gather, but is the /var/www/ OK? Should the Directory include /var/www/html/ (data?) ?

Thanks in advance for your comments, Greg ...

jda8818

LAMP/webtrees Directory Structure 1 year 3 months ago #7

  • fisharebest
> So I need to replace 'None' with 'All' and restart I gather,

Yes. That will enable .htaccess files within the folder /var/www

> is the /var/www/ OK?

Nothing wrong with this.

You're enabling them everywhere within /var/www.

Although webtrees only has the one .htaccess, other apps/modules may make use of them.

LAMP/webtrees Directory Structure 1 year 3 months ago #8

  • jda8818
Replacing the 'None' with 'All' (no other changes) results in a '403 Forbidden' page, with the message 'you don't have permission to access /data/config.ini.php on this server'. I suppose that would apply to any other file in that directory as well.

So maybe I'm done?

Thanks again,

jda8818

LAMP/webtrees Directory Structure 1 year 3 months ago #9

  • fisharebest
> Replacing the 'None' with 'All' (no other changes) results in a '403 Forbidden' page, with the message 'you don't have permission to access /data/config.ini.php on this server'. I suppose that would apply to any other file in that directory as well.

That sounds like it is working as intended.

LAMP/webtrees Directory Structure 1 year 3 months ago #10

  • jda8818
Seems like I'm unable to edit John Doe, the default out of the box single individual in my test_tree. I would like to simply add a date of death. I'm logged in as an administrator, but none of the text boxes seem to allow an edit or addition.

Also, double clicking on the 'John Doe' text in the default opening page (Statistics - test_tree) brings up a page devoted to John Doe's (tabbed) details (facts and events, Families, Sources, etc) but in the RH box of the Facts and events tab, where Mr. Doe's Birth Date is given (January 1, 1850) the following text appears below the birthdate:

/var/www/html/includes/session.php:193 /var/www/html/app/Filter.php:161 mkdir(): Permission denied
#0 unknown:unknown ErrorException("/var/www/html/app/Filter.php:161 mkdir(): Permission denied")
#1 /app/Filter.php:161 mkdir('/var/www/html/data/html_purifi…')
#2 /app/Filter.php:121 markdown('Edit this individual and re…')
#3 /app/Functions/FunctionsPrint.php:98 formatText('Edit this individual and repla…', [Tree])
#4 /app/Functions/FunctionsPrint.php:158 printNoteRecord('Edit this individual and repla…', 3, '2 NOTE Edit this individual an…', false)
#5 /app/Functions/FunctionsPrintFacts.php:485 printFactNotes('1 BIRT 2 DATE 01 JAN 1850 2 NO…', 2)
#6 /app/Module/IndividualFactsTabModule.php:152 printFact([Fact 408dd0554fc6963e12d4b12803a7bc3d@I1], [Individual I1@1])
#7 /app/Controller/IndividualController.php:118 getTabContent()
#8 /individual.php:42 ajaxRequest()

Same sort of text appears under the Notes tab.

I think something may be amiss. I installed the php7.0-gd and php7.0-xml modules. The php7.0-xml module apparently included a simplexml module.

As always, any comments or suggestions would be greatly appreciated ...

jda8818

LAMP/webtrees Directory Structure 1 year 3 months ago #11

  • jda8818
Changed permissions on the /data folder (777), restarted, reloaded and seems OK.

Thank you,

jda8818
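The thread ends with data/ at mode 777 after 755 produced "mkdir(): Permission denied". The script below is an added example, not from the thread or from webtrees: it reports whether a data folder is world-writable or merely writable by the account running the check. The function names and the www-data account (the default for Ubuntu's Apache packages) are assumptions.

```shell
#!/bin/sh
# Added example: audit the mode of a webtrees data/ folder.
# Run it as the account Apache runs as to see what the web server can do, e.g.
#   sudo -u www-data sh audit_data.sh /var/www/html/data
# (www-data and the path are assumptions based on the setup in the thread.)

# is_world_writable DIR -> exit 0 if "other" has write permission (as with 777)
is_world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

# audit_data_dir DIR -> prints one verdict word:
#   missing         DIR is not a directory
#   world-writable  every local account can create and delete files in DIR
#   writable        the calling account can write, but "other" cannot
#   not-writable    the calling account cannot write (the mkdir() failure case)
audit_data_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo missing
    elif is_world_writable "$dir"; then
        echo world-writable
    elif [ -w "$dir" ]; then
        echo writable
    else
        echo not-writable
    fi
}

if [ $# -ge 1 ]; then
    audit_data_dir "$1"
fi
```

A "writable" verdict when run as the web server account means the folder works for webtrees without granting write access to every other account on the host.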