Oct 13, 2009
Recently, based on recommendations from Jen and myself, another web designer of note moved her hosting to Liquidweb. I'm sorry to say she had an agonizing period of adjustment. It was all about the dreaded file permissions and ownership.
In Mambo and J10, it was often necessary to set certain files and directories to be writable by anyone. Due to the way web servers have traditionally been set up, the only way a system like Joomla could upload files and modify the website's directory structure (when installing an extension for example) was by making the file system, even if only temporarily, writable by the whole world.
We were pleased to see the addition of the FTP layer in Joomla 1.5. It meant not having to open up the file system like this. But even in J15, certain third-party extensions require a directory here and there to be set world-writable. It has recently come to my attention that some webhosts will shut down your account if any files or directories are set this way.
Let's say you have a website iamadoofus.com and the account name is iamadoof. When you upload a file (for example, an image in the Joomla media manager), the process on the server attempting to save the file is owned by the anonymous Internet user, typically known as nobody on Unix systems. But if the directory (say 'images/stories') is owned by iamadoof and doesn't permit just anyone to write to it, the upload will fail.
Using the FTP layer in Joomla meant we could have Joomla do the upload by logging in via FTP as iamadoof. Problem solved. Sort of. The user/password has to be stored in the configuration file in clear text, which means that if you are on a shared server and some other site gets hacked, the attacker can get your credentials out of the configuration file. In fact, this happened to one of my clients hosted on someone else's shared server.
Plus, if you want to change the password on the account, you have to remember to change the credentials in Joomla as well.
Enter suPHP. Now the PHP server runs as if it were the account owner. You get all the advantages of using the FTP layer without the hassle or the need to store a clear text password.
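To check an existing site for the two exposures described above (world-writable paths and an FTP password sitting in the configuration file), here is an added example, not part of the original post. It assumes a Joomla 1.5 style `configuration.php` in the docroot with a `var $ftp_pass = '...';` line; the function names and report labels are made up for this sketch.

```shell
#!/bin/sh
# Added example: audit a Joomla docroot for the risks described in the post.

# Print every file or directory writable by "other" (world-writable).
# Symlinks are skipped because their own mode bits carry no meaning.
world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null | sort
}

# Succeed if configuration.php holds a non-empty FTP password.
# Assumption: the value is stored as  var $ftp_pass = 'secret';
has_stored_ftp_password() {
    [ -f "$1/configuration.php" ] || return 1
    grep -Eq "ftp_pass[[:space:]]*=[[:space:]]*['\"][^'\"]+['\"]" \
        "$1/configuration.php"
}

# Succeed if configuration.php is readable by "other", which on a shared
# server means readable by processes running for other accounts.
config_world_readable() {
    [ -n "$(find "$1/configuration.php" -perm -0004 -print 2>/dev/null)" ]
}

# Print one line per finding; return 1 if anything was found, 0 if clean.
audit_docroot() {
    report=$(
        world_writable "$1" | sed 's/^/WORLD-WRITABLE /'
        if has_stored_ftp_password "$1"; then
            echo "FTP-PASSWORD-IN-CONFIG $1/configuration.php"
        fi
        if config_world_readable "$1"; then
            echo "CONFIG-WORLD-READABLE $1/configuration.php"
        fi
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}
```

Run it as `audit_docroot /path/to/docroot`; a non-zero exit status means at least one finding was printed. Under suPHP the configuration file can usually be tightened to owner-only permissions, since PHP no longer needs to read it as another user.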

written by Dan Knauss, October 13, 2009
These are permission and security problems associated with shared hosting when you have little to no control over the environment. So the first question is, why is shared hosting being used? Generally you get what you pay for, but you can find shared hosting that does not do stupid things with PHP, and that should be a minimum requirement.

