effective folder permissions - linux

I am developing on LAMP and have come to understand that folders need execute permissions in order to use the files within them. Does this mean that chmod 100 is where I should start for most of these? Do read permissions do anything on a folder?

Yes, read permissions on a folder is needed to list the content of the folder, in other words, do a ls


Set permission to create a folder that contains a website

I am creating a folder to have my website in it. How do I add permission to create this folder?
MKDIR 777 MyWebSite
Will give Rear, Write & eXecute access to everyone.
So what is the best set of permission that i should use when creating this folder ?
Best is 755 for everything (dirs) 644 for files. Some directories (like uploads in WordPress) need to have 777 as any user can send file there. But that BIG permission should be set only for such directory not for everything. Normally READ for files and execute for dirs (with read) would be enought for almost any directory and file (only that upload dirs needs more).
For a web document root, the best permissions are 755 for directories/folders & 644 for files. The key is making sure the directories/folders as well as the files are owned by the same user connected to the web server. Which in Linux systems is usually www-data. I actually gave a fairly detailed explanation on why 777 permissions are not good for any reason over here and here is an edited version for your question.
When you set permissions to 777 it means that 100% anyone with access to your machine on any level can read, write & execute the file. Meaning if your site gets hacked, a hacker than then use the execute permissions to launch scripts to get deeper in your system. Or someone else on the system—since they can read, write & execute the file—can simply delete your files without you ever knowing.
Setting directories to 755 and setting files to 644 is the best way to go as long as the ownership of the file is solid & correct. 644 permissions basically break down as follows:
The first 6 means the owner of the file can read & write to it.
The next 4 means members of the group connected to that file can only read it.
The next 4 means others—who are neither the owner or a member of the group—can read it.
As for 755 they are best for directories/folders because directories/folders need to have execute rights to allow you to view the contents inside of them. So it breaks down like this:
The first 7 means the owner of the file can read, write & execute it.
The next 5 means members of the group connected to that directory/folder can only read & execute it.
The next 5 means others—who are neither the owner or a member of the group—can can only read & execute it.

Storing Qt application data files on Linux - not enough permissions

I have Qt application which should work on multiple platforms. One of those platforms is Linux. I am completely new in Linux world.
My application need to create and manage set of data files. After reading some links about linux directory structure I decided to store data files in /var/myapp directory and in its subdirectories.
Here is the problem: if my application runs without superuser privileges then it has no rights to create /var/myapp directory. Even if i will create directory manually (with sudo) my application will not have rights to write files there.
Is it possible to temporary elevate application's permissions from Qt code to create /var/myapp directory and write files there?
Or possibly there is another place in Linux directory structure which is by default available for storing application's data files?
Only root can create directories in /var. If your application needs a subdirectory under /var, you need to create it during installation (which typically runs with root permissions), and chmod it appropriately: either create a group for users that may run your application, put /var/myapp in that group, and chmod it to 770; or just chmod the directory to 777 to allow everyone to access it. If you want to prevent writing by regular users, use 755 or 750 instead. (For data files, don't set the execute bit though: the appropriate permissions here are 666/660/644/640). Instead of octal triplets, you may prefer the more elaborate mnemoic syntax to chmod, e.g. chmod ug+x filename adds (+) the execute bit (x) to filename for the owning user (u) and group (g).
However, /var is not necessarily the best choice: /var is typically used for volatile data (temporary files etc.), as well as things that are expected to change frequently (mail, log files, etc.). Other data should go into either:
/usr/share/{appname} for system-wide data files and resources
/etc/{appname} for system-wide configuration files
~/.{appname} (old convention) or ~/.config/{appname} for per-user configuration files
/var/tmp/{appname} for temporary files
Also, you want to make the /usr prefix configurable; most distributions reserve /usr for package-managed files, except /usr/local, which mirrors /usr for out-of-distro installs (so in that case, your system-wide resources go into /usr/local/share instead of /usr/share).
You could distribute it without installation scripts, but you'd have to tell them to run it once as root... or have the app run itself as root using gksudo/kdesudo if its system wide data files do not exist.
The custom though is to make a package (.deb, .rpm, or even a .tar.gz that the user will extract himself) including all necessary files.
But linux (and OS X for that matter) are multi user systems. Are you sure your files belong in /var or /usr? If they're created at runtime as you say, don't they depend on user input? In which case you need to put them in some directory inside the user's home directory (getenv("HOME")).

Linux file permissions and Java problems (permission retention)

I run servers on my Linux Server (Ubuntu) and there's a bit of a problem. It may seem simple to fix, however I don't think it is. The servers run in my username (server), however, others access certain files with different users via FTP. Because the server is running in my username, whenever a plugin creates new files, they do not have permission to edit etc.
I have tried putting the users into groups and then allowing group access to that folder (even for new files), but had no luck. Every time they need to edit the files, I need to chmod -R 777 it.
I thought about running the servers in their usernames, however that would produce complications. Is it actually possible to make new files retain the permissions of the parent (or a top folder)? All the solutions I've found doesn't seem to work.
Not for users but for groups. You can:
chmod g+s parent_dir
chgrp shared_group parent_dir
If you create files inside it, that files will have the group of the folder (shared_group).

ubuntu: share a folder to be used by all user in group

I want to share a folder among all users of a group : dev. So that all files are regardless of the owner can be edited by anyone in the group.
I have created the shared folder and set the respective permissions to the folder.
When a user creates a new file in that folder it belongs to owner:dev
But the permission for the files are rw-r--r--
So other users who belong the same group are not able to edit the files.
Like default group become "dev" how can I set the default permission for the files created in that directory.
I don't want to use "umask" technique because the user will upload files into that directory throuh ftp and other tools.
This really belongs on serverfault and I already mentioned there's almost an exact duplicate there, but anyway there's a nice little solution you can use, which is the FUSE bindfs module (there's a package in ubuntu). You use it to mount one directory onto another mountpoint and can set things such as the default permissions of any files created here, their owner, group and the permissions of files already in the directory (which is what you seem to want).
I don't want to use "umask" technique because the user will upload files into that directory throuh ftp and other tools.
That's the only way to do it, unless those "other tools" are themselves able to adjust permissions.
If you have root access, you can set the default umask for everyone to 002 from /etc/bashrc (assuming bash the default shell for the users in question).
A hack (and this is less preferable to umask) is to setup a cron job that will run every minute and do a chmod -R g+w <dir>.

Not able to delete directory

I am having a frequent problems with my web hosting (its shared)
I am not able to delete or change permission for a particular directory. The response is,
Cannot delete. Directory may not be empty
I checked the permissions and it looks OK. There are 100's of files in this folder which I don't want.
I contacted my support and they solved it saying it was permission issue. But it reappeared. Any suggestions?
The server is Linux.
You can't rmdir a directory with files in it. You must first rm all files and subdirectories. Many times, the easiest solution is:
$ rm -rf old_directory
It's entirely possible that some of the files or subdirectories have permission limitations that might prevent them from being removed. Occasionally, this can be solved with:
$ chmod -R +w old_directory
But I suspect that's what your support people did earlier.
This could also be because your FTP client might not be showing the hidden files (like cache, or any hiddn files that your application might create), while the hidden files are preventing you from deleting the directory. (though, in your case, I am not sure if this is the cause .. .it could be permission issue with your hosting provider.. Webserver running as another user (like apache or www) combined with your directories having global write perms).
I assume that's a response from an FTP server?
Usually, a message from an FTP server really means it. If it says the directory is not empty, there might be certain files you cannot see that exists in the directory which maybe one of:
Your PHP/JSP/ASP/whatever scripts may run under a different user account thus creating files which you may not be able to see/delete
Is your hosting's web interface run under your FTP account? There might be conflicting permissions there if you manage some files from the web interface and then later via FTP.
Hosting server/operating system files created unintentionally e.g. from the hosting's web interface
If it comes from a script, write a one-time throw-away script that delete the files and that directory and then uploads and executes it.
And just to be sure, some FTP server doesn't support direct directory deletion, you need all the files first, is that the case?
