Edward Posted May 6, 2014 Author Share Posted May 6, 2014 I guess we can just see how things run when our sites are up and then if we experience any security problems we can harden up on the site or server security at that point in time. Link to comment Share on other sites More sharing options...
mtester Posted July 20, 2014 Share Posted July 20, 2014 I believe you are misunderstanding how permissions are used in *nix systems. Setting the permission 6 (or rw) is not good in general on a directory. You want 5 or 7. So 755 or 775 or 777 are the most common ones. Why? The read permission grants the ability to read a file. When set for a directory, this permission grants the ability to read the names of files in the directory, but not to find out any further information about them such as contents, file type, size, ownership, permissions. The write permission grants the ability to modify a file. When set for a directory, this permission grants the ability to modify[clarify] entries[clarify]in the directory. This includes creating files, deleting files, and renaming files. The execute permission grants the ability to execute a file. This permission must be set for executable programs, including shell scripts, in order to allow the operating system to run them. When set for a directory, this permission grants the ability to access file contents and meta-information if its name is known, but not list files inside the directory, unless read is set also. This is taken from Wikipedia. There are numerous other sources available. Something else you may want to look at is the Umask being set. That controls the default permissions of new directories/files when they are created. This is usually set in ~/.bashrc as umask 022 # default files permissions are 644 and for directories, 755 or umask 027 # default files permissions are 640 and for directories 750 Finally, the last thing to check is in the Yii Framework itself in ./framework/web/CAssetManager.php. There are two settings there that determine how files and directories are created. public $newFileMode=0666; public $newDirMode=0777; I changed these to be 0664 and 0775, respectively for more security on the machine. Hope that helps. Link to comment Share on other sites More sharing options...
Brent Knigge Posted October 29, 2014 Share Posted October 29, 2014 Hope its not too late to chime in here. There have been some good points raised in regards to file permissions, however you also need to look at the group and owner of your directories and files (which hasn't been mentioned yet). If your site was uploaded via ftp/scp etc to your home directory, and then copied using sudo to your /var/www folder, then chances are the files and folders are now owned by root. For apache to run your site, you need appropriate permissions (755 etc), but you also need the right owner and group. Apache runs under www-data, so your files and folders should also be www-data. To make this change for all folders and files in your website, use the following command. sudo chown -R www-data:www-data /var/www/myWebsite The -R means to recursivily to files and sub-directories etc. I have changed the owner and group at the same time, however you can do them separately if necessary. sudo chown -R www-data /var/www/myWebsite sudo chgrp -R www-data /var/www/myWebsite 1 Link to comment Share on other sites More sharing options...
Recommended Posts