Struggling with proper way to setup Permissions on Linux/Apache Web Server
Posted
by
Dr. DOT
on Server Fault
See other posts from Server Fault
or by Dr. DOT
Published on 2011-02-11T14:40:43Z
Indexed on
2011/02/11
15:27 UTC
Read the original article
Hit count: 271
Your expert experience and assistance is great, greatly appreciated here.
I have been running a LAMP server for a long time, yet I still struggle with the best way to set file & directory permissions for FTP and WWW protocol activity.
My Control panel is WHM/cPanel (not that it makes a difference), and out-of-the box:
- files are owned by the user account setup in WHM (eg, "abc")
- files have a group setting of "abc" as well
- file permissions are created with 644
- directories are owned by "abc"
- directories have a group setting of "abc"
- directories permissions are created with 0755
Again, these are the default permission settings.
Now everything is fine with FTP activity, but please advise me if any of these file/directory settings create issues, especially with security.
Here's where my struggle comes into play. I have PHP apps that allow a visitor to create, edit, rename, delete, etc. sub-directories and files in certain selected directories. PHP runs as "nobody" on my server.
So in order to get my PHP/Web apps to work, I have had to:
chown nobody *
chgrp nobody *
chmod 0777 *
to everything in these certain & selected sub-directories.
I know this is probably a huge security whole (so don't ask me for any links :) but how should I set all the permissions to allow my FTP user to do his thing while allowing the PHP apps to do their thing will also "minimizing" any security risks and exposures? I know that big CMS systems like Drupal, Joomla, WordPress and so on, handle this.
Thanks ahead of time for reading through this and offering your expert advice!
© Server Fault or respective owner