Best and Proper Permissions Settings for Directory

Posted by Dr. DOT on Server Fault See other posts from Server Fault or by Dr. DOT
Published on 2009-12-15T14:34:42Z Indexed on 2010/04/21 5:03 UTC
Read the original article Hit count: 340

Filed under:

permissions

|

group

I am interested in knowing the proper, yet security-conscious settings for a directory. Here's my scenario:

I have a username for FTP access to my server called "user".
For the purpose of the scenario, PHP runs as "nobody" on my server.
I have a directory off the document root called "sample".
The "sample" directory is chmod'd at 0755 (drwxr-xr-x)
"Sample" is owned by "user" and the group is set to "user"

The above is all very straight forward and standard.

So I want to have a script be able to create (mkdir) and delete (rmdir) directories under "sample". Yet, I don't want to obviously overly expose my server by opening up the permissions (I could easily chmod sample to 0777 and make it world write-able).

What is the best combination of permissions, owner settings and/or group settings to allow my script to create and delete directories under "sample" while retaining the ability for "user" to continue to FTP into the directory?

Thanks.

© Server Fault or respective owner

Related posts about permissions

Mailman Error / Cpanel

as seen on Server Fault - Search for 'Server Fault'
Mailman is giving off this error when any changes are made to the list: ======================= Bug in Mailman version 2.1.14 We're sorry, we hit a bug! Please inform the webmaster for this site of this problem. Printing of traceback and other system information has been explicitly… >>> More
NTFS Permissions - Correct combinations of special access permissions

as seen on Server Fault - Search for 'Server Fault'
What would be the correct combination of NTFS special access permissions to allow an AD group (Authenticated Users) to copy files to a share, but after copying no one in the AD group should be allowed to edit, overwrite, rename, or delete the file? The AD group should also be able to copy files from… >>> More
FTP, permissions: I cannot see permissions but I can change them

as seen on Super User - Search for 'Super User'
hi, I'm browsing a server with my ftp client. When I try to get the information about a folder, I cannot see the permissions (all rwx checkboxes are uncecked). If i try to check one of it, the opeartion is succesfull (I don't get any error), but then when I come back it is again unchecked. What… >>> More
Snow Leopard doesn't repair permissions, despite showing / saying its fixed them?

as seen on Super User - Search for 'Super User'
Sometime ago, I used carbon copy as I was replacing my hard drive in my Mac Mini running Snow Leopard. Afterwards, on my new drive I had some permission problems. I've tried several times running a repair permissions / repair disk from disk util. It shows that there are problems and I think it says… >>> More
IIS Permissions or NTFS Permissions?

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I currently have a Windows Server 2003 setup to serve multiple sites via IIS. One of our directories needs to allow access to only 1 specific AD Security Group. I know there are two ways to accomplish this. One is using IIS to add permissions and the other is to set permissions on the folder/directory… >>> More

Related posts about group

Twitter Bootstrap styling conflicts with plug-ins like jqGrid and other third part libraries

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
Issues:The concern is that the Twitter Bootstrap framework is that some of their css selectors are simply too generic and have incompatibility issues and conflicts with most third party plug-ins and css libraries, like jQuery-UI and jqGrid.My most pressing concern is only with the generic selector… >>> More
ASA hairpining: I basicaly want to allow 2 spokes to be able to communicate with each other.

as seen on Server Fault - Search for 'Server Fault'
ASA Spoke to Spoke Communication I have been looking at spke to spoke comms or "hairpining" for months and have posted on numerouse forums but to no avail. I have a Hub and spoke network where the HUB is an ASA Firewall version 8.2 * I basicaly want to allow 2 spokes to be able to communicate with… >>> More
Using net group to add users to a AD group

as seen on Server Fault - Search for 'Server Fault'
Hi, I'm trying to add users to the an Active Directory group using net group. We use Domain Local groups for everything. When I go to run the command net group "group name" "username" /add /domain it returns "The group name could not be found. More help is available by typing NET HELPMSG 2220." If… >>> More
rsync set group owner, group permission

as seen on Super User - Search for 'Super User'
I want to use rsync to transfer files from my computer to a remote Linux system. Regardless of the local file's group ownership, I want to set these values on the remote side. If I was on the remote Linux system, I could create the directory and set the ownership and permissions as: mkdir my_directory chown… >>> More
Create a group(ABGroup) and add person record to the group programatically in iphone

as seen on Stack Overflow - Search for 'Stack Overflow'
Im creating a group using ABGroupCreate(), i have 10 person(ABPerson) records. Im using ABGroupAddMember function inorder to add the person to the group, but the person record is not getting added into the group. Yes im saving the addressbook. Am i missing something here, i need help this on. >>> More