
Linux, Unix, and *nix like Operating Systems Forum

    
File/Folder Permissions Guidelines for Website
How do I make sure my files/folders are properly protected?
suga




msg:3594553
 10:39 pm on Mar 7, 2008 (gmt 0)

I have a website consisting of many pages coded in PHP. The PHP pages often use scripts located in the /scripts folder. I just realized that if I go to my web browser and type in the actual path to a script, I can see the contents of the script online. I don't want these files and directory to be seen, but I do need them to be used by other PHP pages.

What are some guidelines for Unix file/folder permissions for webpages and scripts?

thx.

 

jtara




msg:3594726
 3:03 am on Mar 8, 2008 (gmt 0)

"What are some guidelines for Unix file/folder permissions for webpages and scripts?"

It's irrelevant, unless you are on shared hosting and want to protect your scripts from being seen by other shared hosting customers.

You need to change your webserver configuration so that your scripts are not visible.

crazyindian86




msg:3597521
 3:53 pm on Mar 11, 2008 (gmt 0)

Either way I would suggest setting your permissions to 644. That is generally what most hosts also tell you to use.

jtara




msg:3597558
 4:24 pm on Mar 11, 2008 (gmt 0)

"Either way I would suggest setting your permissions to 644. That is generally what most hosts also tell you to use."

I hope you meant 600.

644 would give read/write permission to you, and read permission to anyone else.

The corresponding umask for 600 permissions is 0177. umask 0177 will cause all new files where permissions are not explicitly set to have permission 600.

Beware of programs that explicitly set permissions! umask alone is not enough.

BTW, I always use the "modern" permission notation to avoid confusion:

chmod u=rw,go= somefile

Sets read and write permissions for the user, and clears all others - equivalent to 600.

Unfortunately, there is no alternate syntax for the umask command.

[edited by: jtara at 4:34 pm (utc) on Mar. 11, 2008]

raedthakur




msg:3597562
 4:26 pm on Mar 11, 2008 (gmt 0)

Could you please explain in a little detail?

jtara




msg:3597595
 4:48 pm on Mar 11, 2008 (gmt 0)

Unix permissions 101:

Permissions can be set for three contexts:

User - you, your user ID
Group - your group, any user ID in your group
Other - any other user ID not in your group

Groups are rather arbitrary and can represent anything. If you are on shared hosting, you have no control over this. The group might be "customer", different customer classes, or, more securely, they might create a group for each customer equal to your user ID.

Within each context, you can control read, write, and execute permission.

In the "old style" notation system, an octal digit represents the permission bits for each of user, group, and other. A 3-digit octal number represents all of the permission bits. The bits in each digit represent read, write, and execute in that order.

0ugo, replace each of ugo with an octal digit

Within each digit:

1 = execute
2 = write
4 = read

Thus 4 = read permission
6 = read/write permission
Etc.

umask is the 1's complement of the bits that you do NOT want to be set when you create a file with default permissions. That is, you set a bit in the umask for each permission bit you do NOT want set.

Keep in mind that this has NOTHING (OK, little) to do with whether the outside world can see your files. The outside world can see your files if your web server has permission to read the files, and is configured to allow access to the file.

Depending on how the web server is configured, you MIGHT be able to use Unix permissions to deny access to the web server. But web servers have their own permission system additionally for granting access to the outside world that has nothing to do with this, and doesn't work the same way.

And, sorry, that does point out an error in my initial response: 600 might not be appropriate on all shared hosts - depends on what user/group the web server operates as. If the server runs as root, it has access to all of your files, no matter what you do. If it doesn't run as root, you will need to grant the appropriate permissions. This is a site configuration issue which will vary, and you will just have to follow the advice of your host.

Beware, though, with anything other than 600, you might be giving away your scripts to every other user on the host.
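
The umask arithmetic and the "programs that explicitly set permissions" caveat from this thread, as an added shell example that is not part of any poster's message. The function names and the sample tree are constructed for illustration; it also shows that umask 0177 gives new directories mode 600, with no execute (search) bit.

```shell
#!/bin/sh
# Added example (not from the thread): umask vs. explicit modes, plus a permission audit.

# Print a path's permission bits in octal (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create an empty file under the given umask. The subshell keeps the
# caller's own umask unchanged.
create_with_umask() {
    ( umask "$1" && : > "$2" )
}

# List regular files under a directory that grant any permission to
# group or other, i.e. anything more permissive than 600/700.
list_exposed() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Walk through the cases on a throwaway directory (constructed sample tree).
demo() {
    d=$(mktemp -d) || return 1
    create_with_umask 0177 "$d/config.php"   # default 666 & ~177 = 600
    create_with_umask 0177 "$d/upload.php"
    chmod 644 "$d/upload.php"                # explicit mode: umask is not consulted
    ( umask 0177 && mkdir "$d/scripts" )     # default 777 & ~177 = 600, no x bit
    echo "config.php: $(mode_of "$d/config.php")"
    echo "upload.php: $(mode_of "$d/upload.php")"
    echo "scripts/:   $(mode_of "$d/scripts")"
    echo "files readable or writable beyond the owner:"
    list_exposed "$d"
    rmdir "$d/scripts"
    rm -rf "$d"
}

demo
```

Running `list_exposed` against the real document root after a deploy shows which files an installer or upload script left more open than the umask alone would have.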
