Jump to content

Folder Permissions For Web-server


chanchao
 Share

Recommended Posts

When installing almost any content management or blog system or anything else that uses php en mySQL, like the Coppermine gallery, Mambo, eGroupware and others, I run into the following problem:

 

These apps of course need write-access to some folders, that's fair enough. So these folders need write-access for the webserver-user. My problem is that the only way to achieve this is to make folders WORLD-readable, i.e. absolutely anyone from anywhere has write access to these folders which is obviously a huge security risk.

 

If I restrict permissions to writable only by myself and my group, the webserver can't write to it. Is my webserver in a different user group from me? Ideally it would be in the same group so I can allow the webserver write & execute access, but read-only access to the rest of the world.

 

So I'd like to set permissions to those folders to 755 or 775. Or, grant access to the web-server in some other way. Currently the only way I can get any content delivery system to work is by setting 777..... :P That's like, bad, right?

 

Thoughts, ideas, suggestions?

 

Cheers,

Chanchao

Link to comment
Share on other sites

World-writable (777) is not nearly as bad as it seems. First, it is not writable by anyone in the world, just from people on the same server as you. Second, your account probably has a open_basedir restriction in effect for php which means that only your account can access your files, even if they are world readable.

 

Yes, the web-server is in a different group than you. So, you must stay with 777, but like I said earlier, that is still fairly secure.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...