Gallery2:How do I secure Gallery2 - Gallery Codex

From Gallery Codex

How Do I Secure Gallery2

Under Linux, the Gallery2 installation secures the config.php file by using chmod 644 config.php. However, this leaves the Install and Upgrade folders open to any web browser.

Even though any Internet user can browse these folders, Gallery2 doesn't let them advance any further without authenticating via the installation password, safely hidden in config.php. But if you're still paranoid about the exposure of the Install and Upgrade folders to the world, you can follow these steps to hide them from public view.

Assumptions

This How-To assumes your Gallery2 installation is running on a Linux platform.

Requirements

You will need to have shell access to your installation (e.g. SSH or telnet) or an FTP client with the ability to chmod. If you use an FTP client, wherever you're instructed to type a command such as ls or chmod you will need to use the respective feature in your FTP client.

Removing Access to the Install and Upgrade Folders

Log in to Your Web Site

Log in to your web site and navigate to your Gallery2 folder (e.g. cd public_html/gallery2)

View Existing Permissions

Enter ls -l and press ENTER to display a directory listing with permissions, file and group owner, timestamp, and filename. Look for these entries:

drwxr-xr-x    8 apache apache     1024 Oct 16 20:50 install
...
drwxr-xr-x    8 apache apache     1024 Oct 16 20:51 upgrade

Notice the permissions (drwxr-xr-x) assigned to the Install and Upgrade folders. This equates to chmod 755, which allows Internet users to browse the contents of the folder. Files contained in the folder may have different permissions and will not be altered.

Change the Permissions

To hide these folders from public view, enter the following commands each followed by the ENTER key:

chmod 744 install
chmod 744 upgrade

Typing ls -l should give you this:

drwxr--r--    8 apache apache     1024 Oct 16 20:51 install
...
drwxr--r--    8 apache apache     1024 Oct 16 20:51 upgrade

This won't change the permissions of files and child folders, but removing the execute (search) bit from the parent folder for group and other makes it impossible for those users to access them.

Try browsing either folder in Firefox or Internet Explorer (e.g. http://www.yoursite.com/gallery2/install or http://www.yoursite.com/gallery2/upgrade). You should see an error page similar to this:

Forbidden

You don't have permission to access /gallery2/install/ on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/1.3.33 Server at www.yoursite.com Port 80

With chmod 744 you'll still be able to navigate into the folders using a command shell but unable to view the contents from a web browser. You could chmod 644, but it will revoke your ability to cd into the folder until you change the permission back to 744 or 755.
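
A check to run after the chmod, added here as an example and not part of the original page: it reports which permission class (owner, group or other) the web server account falls into for each folder and whether that class still has the search (x) bit. chmod 744 removes that bit only from group and other, so an account that owns the folder is still allowed in. WEB_USER and the function names are assumptions; set WEB_USER to the account your web server runs as.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# perm_class OWNER_UID GROUP_GID USER_UID "USER_GIDS" -> owner|group|other
perm_class() {
    if [ "$3" = "$1" ]; then echo owner; return; fi
    for g in $4; do
        if [ "$g" = "$2" ]; then echo group; return; fi
    done
    echo other
}

# can_traverse MODE CLASS: succeeds if CLASS has the search (x) bit in an
# ls-style mode string such as drwxr--r--
can_traverse() {
    case "$2" in
        owner) pos=4 ;;
        group) pos=7 ;;
        *)     pos=10 ;;
    esac
    bit=$(printf '%s' "$1" | cut -c"$pos")
    # x = search allowed; s/t = setuid, setgid or sticky with x also set
    case "$bit" in x|s|t) return 0 ;; *) return 1 ;; esac
}

# check_dir DIR USER: print "<class> allowed" or "<class> blocked"
check_dir() {
    uid=$(id -u "$2") || return 2          # unknown account
    set -- "$1" "$(id -G "$2")" $(ls -ldn "$1" | awk '{print $1, $3, $4}')
    # now: $2 = USER's gids, $3 = mode, $4 = owner uid, $5 = group gid
    class=$(perm_class "$4" "$5" "$uid" "$2")
    if can_traverse "$3" "$class"; then
        echo "$class allowed"
    else
        echo "$class blocked"
    fi
}

# Run from the gallery2 folder. WEB_USER is an assumption: set it to the
# account your web server runs as (the listings above show apache).
if [ -d install ] && [ -d upgrade ]; then
    for d in install upgrade; do
        echo "$d: $(check_dir "$d" "${WEB_USER:-apache}")"
    done
fi
```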

WARNING: Before Performing Web-based Upgrade or Install

If you need to update your Gallery2 installation using a web browser you'll need to change the permissions back to 755.

Restoring Access to the Install and Upgrade Folders

Log in to Your Web Site

Log in to your web site and navigate to your Gallery2 folder (e.g. cd public_html/gallery2)

Changing the Permissions

To restore these folders for public view, enter the following commands each followed by the ENTER key:

chmod 755 install
chmod 755 upgrade

You can now access these folders in your web browser to perform an upgrade or re-run the installation process.

Miscellaneous Notes

When using the chmod command, don't add the -R flag. Doing so will alter permissions on all child files and folders, potentially causing problems.