#1

    File permissions: best settings and explanation needed


    Hello,

    I hope I am posting this in the correct subforum.
    As my name suggests I'm quite an amateur in web development, but I'm quickly learning! Recently my website got hacked, files were altered and added and my htaccess was changed. Trying to alter it again I noticed permissions were changed on .htaccess. After searching around on the internet I noticed many of my files have way too high permissions set (-rwx-rwx-rwx).
    As I'll be doing a clean sweep of the website, I would like to get the permissions right also. I am still stuck with some questions though:

    1. I know the permissions are for the owner - group - user. But 'who' is which? When is a file handled on each level?
    2. Which are the correct file permissions (see site structure explained below)?


    Site structure:
    The site contains mostly .php files. All files are located in the httpdocs/ directory. The structure is below:

    • httpdocs/
      • index.php
      • .htaccess
      • sitemap.xml
      • robots.txt
      • 4 directories with only .php or .css files
      • Image directory: only contains images that are used in the content
      • Admin directory:
        • .htaccess
        • index.php
        • Directories with .css, .php and .js files. Some also have functions to upload to the image directory


    Many .php files connect to a MySQL database to read it. One file also writes to the database. Files from other directories might be included through PHP include().
    A few files in the admin folder should be able to upload image files. One file should also be able to create .txt files. Most files read and write to the MySQL database.

    Which permissions do I need on which level for which files? Are there any that have to be able to execute?

    Thank you for helping me understand this better.
#2
    It depends on the application, but the permissions usually have to be set to 755 for directories and 644 for files.

    You can achieve this with the following commands:
    Code:
    cd /path/to/application/
    find . -type d -exec chmod 0755 {} \;
    find . -type f -exec chmod 0644 {} \;
    For a better understanding of the Linux permissions you can check this link
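
The 755/644 baseline from the post above as a report-first audit, added here as an example that is not part of the original post. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web root against the 755/644 baseline, then apply it.
# Function names and the sample tree are constructed for illustration.

# Entries that any account on the server may write to ("other" write bit set).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Files that are not 644 and directories that are not 755.
off_baseline() {
    find "$1" -type f ! -perm 0644 -print
    find "$1" -type d ! -perm 0755 -print
}

# Same effect as the two commands in the post; '+' batches paths per chmod call.
apply_baseline() {
    find "$1" -type d -exec chmod 0755 {} +
    find "$1" -type f -exec chmod 0644 {} +
}

# Build a throwaway tree shaped like the site in post #1 and run the audit on it.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/httpdocs/admin" "$root/httpdocs/images"
    : > "$root/httpdocs/index.php"
    : > "$root/httpdocs/.htaccess"
    : > "$root/httpdocs/admin/index.php"
    chmod 0755 "$root/httpdocs" "$root/httpdocs/admin"
    chmod 0644 "$root/httpdocs/index.php" "$root/httpdocs/admin/index.php"
    chmod 0777 "$root/httpdocs/.htaccess" "$root/httpdocs/images"
    echo "World-writable before:"
    world_writable "$root/httpdocs"
    apply_baseline "$root/httpdocs"
    echo "Entries off baseline after: $(off_baseline "$root/httpdocs" | wc -l)"
    rm -rf "$root"
}

# With a path argument: report only, change nothing. Without one: run the demo.
if [ -n "${1:-}" ]; then
    world_writable "$1"
    off_baseline "$1"
else
    demo
fi
```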
#3
    Also, it depends on the users involved. Though there are many ways to set up a PHP site, there are generally two user accounts involved:
    1. The user who put the files and directories on the server. They are also created as owned by a particular group that user belongs to, which naturally depends on the user; an account belonging to a person generally has their own dedicated group as well.
    2. The account that PHP is running as.

    They may be the same, but generally aren't - nor should they be. The first user is you, obviously, and the second user is typically "nobody" or "www-data" or "apache" or something else. You can find out who the second account is with PHP's get_current_user.

    Everything should be owned by you and with the permissions that rosehosting said.

    When PHP runs, it will run as that second account. It will use the world/other permission set (the third) when accessing files and directories because PHP is not the owner (you are) and it is not in the same group (you are probably the only one in your group). Files that are chmod 0xx4 will only be readable and directories that are 0xx5 will only be accessible - no writing allowed for either.
#4
    I know folders need the execute permissions, but are there also types of files that need this permission?

    @Rosehosting: For some reason the cheap host I use does not allow access to the command line. (Can you access this externally?)
