I have a Linux server (Debian 7) with lots of users who needs Wordpress. When I create the users what group should they be in? Today I assign them to www-data.
Then they download Wordpress by SFTP and runs the installation.
Which file permissions and user/group should their files have, specially wp-config.php?
Now, users can peek in eachothers wp-config.php from the terminal and read the password. Not very good.
Since the users aren't root they cant change file permissions/owner of wp-config.php which would solve my problem.
You can use this script by Mike Conigliaro for for setting permissions correctly on all wordpress files.
WP_OWNER=changeme # <-- wordpress owner
WP_GROUP=changeme # <-- wordpress group
WP_ROOT=/home/changeme # <-- wordpress root directory
WS_GROUP=changeme # <-- webserver group
# reset to safe defaults
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 755 {} \;
find ${WP_ROOT} -type f -exec chmod 644 {} \;
# allow wordpress to manage wp-config.php (but prevent world access)
chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php
# allow wordpress to manage .htaccess
touch ${WP_ROOT}/.htaccess
chgrp ${WS_GROUP} ${WP_ROOT}/.htaccess
chmod 664 ${WP_ROOT}/.htaccess
# allow wordpress to manage wp-content
find ${WP_ROOT}/wp-content -exec chgrp ${WS_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \;
This is how I solved it:
Create users in a group "users". Create a script in /etc/cron.hourly that fixes permissions on all wp-config.php-files like this:
for f in locate wp-config.php
do
chgrp www-data $f
chmod 640 $f
done
Works like a charm.
Related
I am working with digital ocean and WordPress. I have uploaded my theme and my file permissions are all wrong. I know how to set the file permissions individually using ssh but I'm wondering if I can do multiple at once rather than doing each individually. I want to set all folders inside my theme to 755 and all files to 644 (correct me if this is wrong)
Here's what I have done so far; I navigated to my theme folder using ssh then used to following command to set file permissions;
chmod 644 file.php
chmod 755 folder
chmod -R 755 will set these permissions to all files and subfolders in the tree. To set the directories to 755 and either leave the files alone or set them to 644. For this, you can use the find command. For example:
To change all the directories to 755 (drwxr-xr-x):
find /opt/lampp/htdocs -type d -exec chmod 755 {} \;
To change all the files to 644 (-rw-r--r--):
find /opt/lampp/htdocs -type f -exec chmod 644 {} \;
Please try below command for directory
find /var/www/html/ -type d -exec chmod 755 {} \;
Below command is for files permission
find /var/www/html/ -type f -exec chmod 644 {} \;
I am trying to change the permissions of a files present in a directory and subdirectories using the below command and running into below error..can anyone help?
user#machine:/local/mnt/workspace$ find . -type f -exec chmod 644 {} \;
chmod: changing permissions of `./halimpl/ncihal/adaptation/NonVolatileStore.cpp': Operation not permitted
you can run the following command:
#chown -R directory_path
But it will change the permissions of directories also.
For only files, you can run.
#find directory_path -type f -exec chmod 644 {} \;
It also looks like you dont have enough permissions. try
#sudo find directory_path -type f -exec chmod 644 {} \;
or run the command as root user.
It looks to me like you don't have permission to change NonVolatileStore.cpp.
Are you aware of chmod's -R switch that recursively changes permissions?
if you have the root privilege, try:
sudo find . -type f -exec chmod 644 {} \;
It could be that you simply don't own that file. Run an ls -l on it to see full permissions and who the owner is.
It could also be the filesystem is read only.
i'm asking what's the best linux permission to drupal files in the purpose to secure it.
My setting.php is under 444 but the others are 755 .
Thank you
Once finished editing the settings.php file, you should change it to 440 giving only you and the webserver read-only access.
440 is fine for the settings file. For the others do:
Navigate to sites/default folder:
chown -R :www-data files
Then give you and web server read/write permission to files folder ('s' makes the files inside the directory inherit these permissions.)
chmod g+ws files
If you need to overwrite previous created files' permissions do (navigate to sites/default/files):
find . -type d -exec chmod g+ws {} \;
find . -type f -exec chmod 664 {} \;
Now your web server can read/write but not execute files in the files directory.
After an install / setup of Magento on a LAMP Server, what files should be left writable, readable, and/or executable (by owner, group, public)?
What is optimal for a secure magento server?
All folders should be 775
All files should be 664.
Now the exceptions:
/var should be writable for everyone (777)
/media folder should allow web to write in it.
You can run those if you have SSH access:
find . -type d -exec chmod 775 {} \;
find . -type f -exec chmod 664 {} \;
Atleast that is what Magento Wiki suggest.
I'm trying to figure out what is the best file permissions/user/groups for files under my document root?
I have the following file structure
/home/user/public_html/
under public_html are all of my php files and directories.
I have one directory /home/user/public_html/files/ where people upload images to that directory.
What is the most secure way to distribute file permissions/groups/user so that apache can properly display the php files and directories?
Should I make public_html owned by apache? What group should I use for public_html?
thanks!
My Favourite mix of permissions for apache is to give it ownership of apache:apache, all folders chmod to 550 or 555, and all files chmod to 440/444. I suggest the following:
/home/user/public_html/ owned by apache:apache with permissions 555 (read/x by everyone)
/home/user/public_html/files/ owned by apache:apache with 775 (read/write/x by root/apache, read/x by all)
First need to find which user running https / apache2 server
ps -aux | grep apache2
Most of times apache or www-data comes
We need to set this user
chown -R www-data:www-data /var/www/html
Then file permission should be 644 and folder 755
we can do that using find command
find /var/www/html -type f -not -perm 644 -exec chmod 644 {} \;
find /var/www/html -type d -not -perm 755 -exec chmod 755 {} \;