Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: bakedjake
(At this point I should mention that I'm talking about a shared webhosting environment, not a Linux workstation, dedicated server, or anything like that where I have control over what users are on the box.)
As far as I see it, there are a few different "types" of files I could use on my website:
Obviously some scripts would fit two or more of those categories, but besides that, am I missing anything in the list above?
Assuming I'm right in my categorization of files, what file permissions should I use on each type of file? And, what are the security and functionality implications of the several sets of permissions I could choose from?
Finally, I just heard today that sometimes scripts that give permission errors need to be chown'd to 'nobody.' When might this occur, and are there better ways to eliminate permission errors?
I realize this may be a big topic, but I've searched and searched and can't find a tutorial that answers these questions. So a little guidance in this area would be warmly appreciated.
what is important to consider here is that the server is considered a user which must have sufficient permission to access the script, which process then inherits the server's environment.
the permissions on files which must be read by the server should also provide read access to the server and/or the server's group.
the permissions on directories in which the server writes files must provide write access to the server and/or the server's group.
the database access issue is usually not related to file permissions since the web server accesses database files typically through a db server.
static files such as images and css are still accessed by the server and therefore must allow read access for the server and/or the server's group.
that is a very general overview of the file permissions mechanism.
you didn't mention which web server but if it's apache you can read more here:
there are also apache directives which you can use to protect files and directories.
or if you have something more specific...