Module SecurityInfo & user_id/group_id

I tried to get rid of all warnings from the SecurityInfo module. But I kept getting two red alerts concerning a privileged user/group running the PHP files.

Using the current Debian package, PHP runs under the www-data:www-data account, which uses user_id=33 (same for the group_id). The uid.php and gid.php scripts of the module define a minimum value of 100 to be safe, which is too strict. Anything above zero should even be OK, as it might not be root anymore.

I changed the defines to 10 and - as expected - the red warning disappeared. (PHP is executing as what is probably a non-privileged user) & (PHP is executing as what is probably a non-privileged group)

Could anyone just change these two constants to either a lower value or, depending on the OS, to a meaningful value?

Thanks.

SecurityInfo provides “best practices” recommendations. Piwik doesn’t actually know if you share your web server with other users.

With a privileged user, the implication is that the web server executes all php code under one user ID.

So, my code running at http://example.com/~vipsoft/exploit.php could access the files in another user’s public_html directory on the same server, or session files in the shared session folder, etc.

Hello,
English and more technique is difficult!

I have this in red:

register_globals is enabled. This could be a serious security risk. You should disable register_globals immediately

I have looked everywhere, and I do not know at all what I have to do.

And also, can you tell me whether my wp-config.php file being gone at least once a day has the same reason?

Thanks

In your /etc/php.ini file, turn it off, i.e.,

register_globals = Off

Hi,
Please help me out with this:
Is it possible to get the username and location (other than country) in Piwik?

krishna: you’re hijacking an unrelated topic; short answer is yes; use custom variables

Hi everybody,
I am new to Piwik but I seem to have the same problem as kkretsch:

In my security listing I have two red errors regarding user_id and group_id. I tried to change both to a new user (test) with a user_id of 1001 but had no success. I have to give the piwik folder 777 in order for it to work.

What can I do to set up Piwik in a secure manner? We are running several instances of piwik.

Thanks in advance!

Mr.Vitriol: You don’t have to do this unless all files are shared with many users.

Thank you for your advice. I knew that this is no real security issue in our case but my boss is afraid the customers could see this and get concerned…

Anyway, I played around with user permissions until everything was OK. My solution is giving apache2 a new owner and giving this owner all rights to the piwik folder. Simple as that, but hard to find out if you are new to all this.
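
The two checks discussed in this thread, as an added example that is not part of any post and is not the SecurityInfo module's own code: it reports the uid/gid PHP actually runs as against an adjustable threshold, and lists world-writable entries such as a chmod 777 would leave behind. The constant and function names are assumptions made for illustration, and the script needs PHP's posix extension.

```php
<?php
// Added example, not SecurityInfo's code. MIN_UNPRIVILEGED_ID is an assumed,
// adjustable threshold: the thread says the module uses 100, while Debian's
// www-data account is uid/gid 33.
const MIN_UNPRIVILEGED_ID = 100;

// Classify a numeric uid or gid relative to the threshold.
function classify_id(int $id, int $min = MIN_UNPRIVILEGED_ID): string
{
    if ($id === 0) {
        return 'root';
    }
    return $id < $min ? 'below-threshold' : 'above-threshold';
}

// Return entries below $dir that any local account may write to (mode & 0002).
// Symlinks are skipped; unreadable subdirectories are ignored, not fatal.
function world_writable(string $dir): array
{
    $hits = [];
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST,
        RecursiveIteratorIterator::CATCH_GET_CHILD
    );
    foreach ($iter as $path => $info) {
        if (!$info->isLink() && ($info->getPerms() & 0002)) {
            $hits[] = $path;
        }
    }
    return $hits;
}

// Effective ids of the process executing this script. Request it through the
// web server, not the CLI, to see what the web SAPI runs as.
$uid = posix_geteuid();
$gid = posix_getegid();
$user = posix_getpwuid($uid)['name'] ?? '?';
$group = posix_getgrgid($gid)['name'] ?? '?';
printf("PHP runs as %s(%d):%s(%d) -> uid %s, gid %s\n",
    $user, $uid, $group, $gid, classify_id($uid), classify_id($gid));

// Sample target (an assumption): the directory that holds this script.
foreach (world_writable(__DIR__) as $path) {
    echo "world-writable: $path\n";
}
```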