I am creating a folder to have my website in it. How do I add permission to create this folder?
MKDIR 777 MyWebSite
Will give Rear, Write & eXecute access to everyone.
So what is the best set of permission that i should use when creating this folder ?
Best is 755 for everything (dirs) 644 for files. Some directories (like uploads in WordPress) need to have 777 as any user can send file there. But that BIG permission should be set only for such directory not for everything. Normally READ for files and execute for dirs (with read) would be enought for almost any directory and file (only that upload dirs needs more).
For a web document root, the best permissions are 755 for directories/folders & 644 for files. The key is making sure the directories/folders as well as the files are owned by the same user connected to the web server. Which in Linux systems is usually www-data. I actually gave a fairly detailed explanation on why 777 permissions are not good for any reason over here and here is an edited version for your question.
When you set permissions to 777 it means that 100% anyone with access to your machine on any level can read, write & execute the file. Meaning if your site gets hacked, a hacker than then use the execute permissions to launch scripts to get deeper in your system. Or someone else on the system—since they can read, write & execute the file—can simply delete your files without you ever knowing.
Setting directories to 755 and setting files to 644 is the best way to go as long as the ownership of the file is solid & correct. 644 permissions basically break down as follows:
The first 6 means the owner of the file can read & write to it.
The next 4 means members of the group connected to that file can only read it.
The next 4 means others—who are neither the owner or a member of the group—can read it.
As for 755 they are best for directories/folders because directories/folders need to have execute rights to allow you to view the contents inside of them. So it breaks down like this:
The first 7 means the owner of the file can read, write & execute it.
The next 5 means members of the group connected to that directory/folder can only read & execute it.
The next 5 means others—who are neither the owner or a member of the group—can can only read & execute it.
Related
On my school directory when I ls -l (running Fedora) I see that I have a ton of files and directories owned by me, but one specific directory is owned by someone else. I recall a few months ago I tried copying that directory to my own as it had 744 privileges by that user. For some reason that user owns the directory in my home directory with 700 privileges so I cannot delete the directory. My home directory has 700 privileges.
Anyone know why something like this could have happened and how I can prevent it form happening in the future? Also, how should I go about deleting these files in my home directory? If needed I can contact IT but I want to see if there is anything I can do without contacting them.
Yellow is my user, red is the foreign user
Two possible options IMHO:
Check the permissions of your /home/YELLOW folder, if it
has o+w, or g+w, someone (the user
listed as the owner of the directory) may have created it there.
root did it. It doesn't make much sense for you, so probably if he/she did, it was by mistake (for example, performing some backup-and-restore administration and so on).
Normally permission for deletion of things in unix filesytems are grabbed from
the parent folder, so, you need to have "write permission" in a folder
to create or remove files (unless there is sticky bit in action);
directories are just special type of files so the rules still applies.
If the directory is empty, a simple rmdir p2Testing or rm -rf p2Testing would be enough. But, if the directory has files and
sub-directories, you won't have permissions to modify or delete them
(look at the drwx------), and only someone with more powers will be
able to do it for you (e.g. root, or the owner if he still have +w in
/home/YELLOW).
I am developing on LAMP and have come to understand that folders need execute permissions in order to use the files within them. Does this mean that chmod 100 is where I should start for most of these? Do read permissions do anything on a folder?
Yes, read permissions on a folder is needed to list the content of the folder, in other words, do a ls
I run servers on my Linux Server (Ubuntu) and there's a bit of a problem. It may seem simple to fix, however I don't think it is. The servers run in my username (server), however, others access certain files with different users via FTP. Because the server is running in my username, whenever a plugin creates new files, they do not have permission to edit etc.
I have tried putting the users into groups and then allowing group access to that folder (even for new files), but had no luck. Every time they need to edit the files, I need to chmod -R 777 it.
I thought about running the servers in their usernames, however that would produce complications. Is it actually possible to make new files retain the permissions of the parent (or a top folder)? All the solutions I've found doesn't seem to work.
Not for users but for groups. You can:
chmod g+s parent_dir
chgrp shared_group parent_dir
If you create files inside it, that files will have the group of the folder (shared_group).
Have a folder and files as follows:
Folder:
drwxrwxrwx 3 me 153157 8 Aug 17 14:17 Nugget
File within Nugget:
...
-rw-rw-r-- 1 web web 24 Aug 17 14:17 nugget.php
I need to change permissions on nugget.php to 777 as per the documentation.
$ chmod 777 nugget.php
chmod: nugget.php: Operation not permitted
Suggestions?
You could do this as root but I suggest to sit back and think about it for a moment. Anyone with access to your computer will be able to change this file in any way. Crackers get paid money to find files like that and abuse them.
Usually, your problem is that the web app needs to read the file and some user needs to be able to write it. In this case, chown the file to the user and leave the group as web and set the permissions to 640 (local user can read+write, web can only read).
Unless you are in group web, you do not have permissions to write that file. If you own the system, you can use sudo to accomplish what you need. However, if you had sudo access, you probably wouldn't be asking.
Since you own the directory, you can delete the file. So one workaround would be: save the text of the file somewhere else (in another window). Delete the file. Recreate the file in an editor, pasting in the text. Save. That should do it. However, it's possible since this is a script that doing this would break the script (it might need to run as user 'web').
The safest alternative is to ask the system administrator to add you to the group "web", or else to have him or her change the group of the file to a group that you are in.
Your account (the one you logged in as) does not seem to have permissions on that file.
It's owned by "web", and you're not logged in as that user or that group. The permissions on that file for accounts that are not the owner or that do not belong to the web group are listed as "r--", which means the account that you logged in as can only read it.
So, login as root or "web" and perform the same operations.
sudo chmod 777 nugget.php ??
I want to share a folder among all users of a group : dev. So that all files are regardless of the owner can be edited by anyone in the group.
I have created the shared folder and set the respective permissions to the folder.
When a user creates a new file in that folder it belongs to owner:dev
But the permission for the files are rw-r--r--
So other users who belong the same group are not able to edit the files.
Like default group become "dev" how can I set the default permission for the files created in that directory.
I don't want to use "umask" technique because the user will upload files into that directory throuh ftp and other tools.
This really belongs on serverfault and I already mentioned there's almost an exact duplicate there, but anyway there's a nice little solution you can use, which is the FUSE bindfs module (there's a package in ubuntu). You use it to mount one directory onto another mountpoint and can set things such as the default permissions of any files created here, their owner, group and the permissions of files already in the directory (which is what you seem to want).
I don't want to use "umask" technique because the user will upload files into that directory throuh ftp and other tools.
That's the only way to do it, unless those "other tools" are themselves able to adjust permissions.
If you have root access, you can set the default umask for everyone to 002 from /etc/bashrc (assuming bash the default shell for the users in question).
A hack (and this is less preferable to umask) is to setup a cron job that will run every minute and do a chmod -R g+w <dir>.