This section describes the best way to secure your filesystem.
deskprouser on your server.
deskprouser. For example, on Linux:
chown -R deskpro:deskpro /path/to/deskpro
And make sure to disable write permission on files and directories:
find . -type d -print0 | xargs -0 chmod 755 find . -type f -not -path "*/bin/*" -print0 | xargs -0 chmod 644
chmod -R 0777 /path/to/deskpro/attachments /path/to/deskpro/var
If you want to secure permissions even more, you can use groups or ACL’s to make it so only
deskpro and your web server user (e.g.
nobody) can write to these directories, instead of world like we show here.
Next, you need to re-configure scheduled tasks for automatic updates. Since your regular task is now running as a user who cannot modify the filesystem, it means the updater won’t work; it will cause a permission error.
So you need to create a new task that only performs the update task, and you need to run it as the
deskpro user you just created.
bin/cron. Change it to
deskprouser. This time, create the task
For example, here’s what a <cite style="box-sizing: border-box;">/etc/crontab</cite> might look like:
* * * * * www-data /opt/deskpro/bin/cron --no-auto-updater * * * * * deskpro /opt/deskpro/bin/cron --auto-updater
Ensure your various services (MySQL, mail, Elasticsearch etc) are not accessible from the internet.
'deskpro'@'localhost'. The localhost host means that user can only be used locally.
Enable IP Whitelisting in Admin > Agents > Settings.
This class of software helps you monitor files and log files so you can be notified when something changes.