Owner/group/public

corblimey

I've been developing for a long time, but this particular part of the process has always passed me by. What permissions do I need to set on a file and/or directory?

php files that I create are 644 (-rw-r--r--), along with files (say images) uploaded by users. They seem to work ok. sub folders seem to be 755 (drwxr-xr-x), but I've changed some of them to 777 (drwxrwxrwx) which is probably really dodgy.

For example, a part of my site writes a html file to a specific directory. So if any user of the site wants to do this, are they "public"? So they'll need write access to that folder? What about the folders above it - is there any inheritance or anything? If the html file is being written to 'corblimey/test/html', then do I only need 777 permissions on 'html'? Do I even need that much? If the html file itself should thereafter be overwriteable by the same process, does that file also need to be 777?

Also, where does 'group' come into when we're talking about a public website? I know the concept of user/group/public in Unix terms, but not in relation to a website, really.

Is there any best practise document I should be au fait with rather than just setting things to 777 when they don't work as they should?

azzeretti

corblimey wrote: »

I've been developing for a long time, but this particular part of the process has always passed me by. What permissions do I need to set on a file and/or directory?

php files that I create are 644 (-rw-r--r--), along with files (say images) uploaded by users. They seem to work ok. sub folders seem to be 755 (drwxr-xr-x), but I've changed some of them to 777 (drwxrwxrwx) which is probably really dodgy.

For example, a part of my site writes a html file to a specific directory. So if any user of the site wants to do this, are they "public"? So they'll need write access to that folder? What about the folders above it - is there any inheritance or anything? If the html file is being written to 'corblimey/test/html', then do I only need 777 permissions on 'html'? Do I even need that much? If the html file itself should thereafter be overwriteable by the same process, does that file also need to be 777?

Also, where does 'group' come into when we're talking about a public website? I know the concept of user/group/public in Unix terms, but not in relation to a website, really.

Is there any best practise document I should be au fait with rather than just setting things to 777 when they don't work as they should?

Generally the user/group that needs permission to the file/folder is the user running the web server. Apache/www-data for most apache installs. You shouldn't really assign 777 to anything (In my opinion) as you are giving EVERYONE full access to the file. File/folder permissions are only in UNIX terms, that is, the file system permissions rule and dictate what happens (mostly).

I would recommend assigning the user running the webservice the appropriate permissions to the files in questions (This might be slightly different if the web app links uid's to logins - in that case the public area may not really be public! - to confuse things even more!)