Struggling with proper way to set up Permissions on Linux/Apache Web Server

Posted by Dr. DOT on Server Fault
Published on 2011-02-11T14:40:43Z Indexed on 2011/02/11 15:27 UTC

Your expert experience and assistance is greatly appreciated here.

I have been running a LAMP server for a long time, yet I still struggle with the best way to set file & directory permissions for FTP and WWW protocol activity.

My Control panel is WHM/cPanel (not that it makes a difference), and out of the box:

  • files are owned by the user account set up in WHM (e.g., "abc")
  • files have a group setting of "abc" as well
  • file permissions are created with 644
  • directories are owned by "abc"
  • directories have a group setting of "abc"
  • directory permissions are created with 0755

Again, these are the default permission settings.

Now everything is fine with FTP activity, but please advise me if any of these file/directory settings create issues, especially with security.

Here's where my struggle comes into play. I have PHP apps that allow a visitor to create, edit, rename, delete, etc. sub-directories and files in certain selected directories. PHP runs as "nobody" on my server.

So in order to get my PHP/Web apps to work, I have had to:

chown nobody *
chgrp nobody *
chmod 0777 *

to everything in these certain & selected sub-directories.

I know this is probably a huge security hole (so don't ask me for any links :) but how should I set all the permissions to allow my FTP user to do his thing while allowing the PHP apps to do their thing while also "minimizing" any security risks and exposures? I know that big CMS systems like Drupal, Joomla, WordPress and so on, handle this.

Thanks ahead of time for reading through this and offering your expert advice!
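
An audit of the situation described in the post, as an added example that is not part of the original question: it lists what the `chmod 0777` step left writable by every local account, what deviates from the 644/755 defaults, and what is no longer owned by the account user. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web tree against the defaults listed in the post
# (files 644, directories 755, owned by the account user, e.g. "abc").
# All function names here are hypothetical helpers, not cPanel tooling.

# Entries that any local account (including the PHP user) can modify.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Entries whose mode differs from the baseline: files 644, directories 755.
off_baseline() {
    find "$1" \( -type f ! -perm 644 -o -type d ! -perm 755 \) -print
}

# Entries not owned by the expected account (user name or numeric uid).
not_owned_by() {
    find "$1" ! -user "$2" -print
}

# Print a three-part report; exit status 0 only if nothing is world-writable.
audit_tree() {
    root=$1
    owner=$2
    echo "== world-writable =="
    world_writable "$root"
    echo "== off baseline (files 644, directories 755) =="
    off_baseline "$root"
    echo "== not owned by $owner =="
    not_owned_by "$root" "$owner"
    [ -z "$(world_writable "$root")" ]
}

# Constructed sample: a site with default modes plus one directory and one
# file left at 0777, as in the post. Prints the path of the sample site.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/site/uploads"
    : > "$t/site/index.php"
    : > "$t/site/uploads/a.txt"
    chmod 755 "$t/site"
    chmod 644 "$t/site/index.php"
    chmod 777 "$t/site/uploads" "$t/site/uploads/a.txt"
    echo "$t/site"
}

# Usage: sh audit.sh /path/to/docroot owner
if [ "$#" -ge 2 ]; then audit_tree "$1" "$2"; fi
```

On the sample tree, the first two sections each list `uploads` and `uploads/a.txt`; after `chown nobody`, those entries would also appear in the third section when the expected owner is the account user.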
