Developers work hard to make elgg a good community software. So I want to contribute an idea from the user and administrator point of view:
Installation has many checks to prevent problems and security issues. So it demands the data directory being outside the installation tree.
What can an admin of a server do, where all virtual hosts have their own program and data space in a closed tree with data being secured by an apache directive? The only solution is to hack the installation code of elgg. Not really a helpful way.
I propose: Keep the checks but let the (knowledgeable) installer override warnings.
One more example: Requesting world write access to the data directory. For security reasons I am not allowd to give word read access to it. Again I have to devise extra steps to work around it.
(By the way: tikiwiki or moodle have installtion scripts that are a breeze)
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by Raül Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- Cash@costelloc

Cash - 0 likes
You must log in to post replies.Elgg does not need world read access to the data directory. It needs only user read/write/execute where the user account is the one running the web server. It looks like whoever wrote INSTALL.txt made them as general as possible since a lot of people who install Elgg don't understand permissions.