Djoomla

Before we start on Joomla, let's get the very basics of UNIX file permissions.  Each file on UNIX has an owner and a set of permissions.  The permissions specify what the owner, the users in the owner group, and everyone else can do to the file.  The owner (and a superuser or root) can change the permissions.  By default, the owner is the creator of the file.  And the default permission is usually user read and writable and everyone else read only (644).  It is important to understand these basic concepts.  You can read more on Unix file permissions here.

Now for Joomla, on a typical installation, you unzip the files first, then FTP them to your server, then you (or the username you used to login to FTP) are the owner of the files.  The web server is usually running under user "apache" or "nobody", it can read the files, but cannot modify them.  This is why the Joomla web installer asks you to change permissions of certain files to world writable (777 or 666).  This is so that the installer can change certain files.

After Joomla is running, you typically install templates, components, modules through the Joomla web administrator interface.  Now, these files are created by the web server user.  When you login to your server through FTP or SHELL, you often cannot modify these files.  If you have shell and root access, you can login as root and change the file permissions.  A better way is simply install MamboXplorer and use that to change the file permissions.  This works because MamboXplorer is running through the web server.  MamboXplorer has a nice editor in there so that you can edit files directly.  But MamboXplorer will not be able change Joomla core files, which are owned by you (or your FTP user).  So solve this, you can change the permission of files through FTP to be world writable.

Now you can edit files, what about security.  Yes, it is not recommended to leave a bunch of files to be world writable.  This is especially true on shared hosting.  I won't go into the details of that in this tutorial.  I would recommend that you change all files to your own user and edit the files through FTP or SHELL access.  You lose the convenience of editing the files anywhere you want, but hey security is always inversely proportional to convenience.

Thanks.