How to make directories writable but not 777

Hello, hope I'm posting this in the right place :)

I'm using Textpattern CMS and I need to have write permissions on some directories. When I chmod those folders to 777 it all works.

But, 777 is a security risk, and I would like to chmod those folders to something else, like 755 or else. What do I need to do to make this work?

6 Replies

Keep the permissions 755, and chown to the same user that runs the Apache. With Debian or Ubuntu, this will be the user "www-data". If your distribution runs Apache as nobody, this won't work.

BTW, Directories that are writable by the web server are a security risk regardless of what ownership and permissions they are set to. Never ever put PHP scripts or other executable files in there.

@hybinet:

… If your distribution runs Apache as nobody, this won't work.

Why do you say that?

Thanks, I'm newbie here, trying to set up VPS for the first time, please tell me:

@hybinet:

Keep the permissions 755, and chown to the same user that runs the Apache. With Debian or Ubuntu, this will be the user "www-data".

User that runs the Apache - how can I find out who is the user that runs the Apache? I installed everything as the "root" user, so that should probably be the root, right?

I found this:

chown root:root /some-dir

Should I type that from the command line? I'm using PuTTY for SSH.

@hybinet:

BTW, Directories that are writable by the web server are a security risk regardless of what ownership and permissions they are set to. Never ever put PHP scripts or other executable files in there.

These folders are for image and file uploads, that's an option in Textpattern CMS.

Thanks!

Got it!

The command is:

sudo chown -R www-data /srv/www/path/to/folder

Thanks a lot, spent half a day trying to solve this :)

A quick primer on the basics of the permission number.

There are three digits. To take the example of 754 (just at random), 7 is owner, 5 is group, 4 is anyone.

Each digit is really a set of three bits (for execute, write, and read). But to visualize them, you can think of each permission as a number to be added:

+1: Execute

+2: Write

+4: Read

At the base, you have zero (no permissions). If you want to let somebody read a file, you would add 4. If you want to let them read and write a file, you would add 2 and 4 (6). If you want to let them read, write, and execute a file, you would add 1 and 2 and 4 (7).

Any combination of the three is possible. The most common you'll see are probably 7 (full permissions), 6 (read/write), 5 (read/execute), and 4 (read).

So, if you have the permission of 755, it would mean:

owner: full permission

group: read/execute

anyone: read/execute

When you do an 'ls -l', you'll see a representation of the bitfield. 777 looks like:

-rwxrwxrwx

The first digit is the file type (d for directory, for example). The next nine are broken up into groups of three:

- rwx rwx rwx

That's the owner/group/anyone again. 755 would look like:

-rwxr-xr-x

There is also a different syntax ("+x" gives all three execute permissions, "go+r" gives group and owner read permissions, etc) if you don't want to use the numbers, but I'll let you read about that yourself (google it, or perhaps something like http://www.zzee.com/solutions/chmod-help.shtml).

@sleddog:

@hybinet:

… If your distribution runs Apache as nobody, this won't work.

Why do you say that?

Sorry, I misworded that. It will probably work as intended, but it is not secure. In principle, the user nobody should not own any files or directories. On Debian every daemon runs as its own user, except a few that don't need to write any files (e.g. memcached).
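The advice in this thread (upload directory owned by the user Apache runs as, no write bit for "anyone", no PHP or executable files inside) can be checked mechanically. The script below is an added example, not part of any post in the thread; it assumes GNU `stat` and `find` as shipped on Debian/Ubuntu, and the function names and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat and find (Debian/Ubuntu).

# audit_upload_dir DIR EXPECTED_UID
# Prints one finding per line; returns 0 if the tree is clean, 1 otherwise.
audit_upload_dir() {
    dir=$1
    want_uid=$2
    findings=$(
        # 1. The directory should be owned by the user Apache runs as.
        have_uid=$(stat -c '%u' "$dir")
        [ "$have_uid" = "$want_uid" ] ||
            echo "OWNER $dir uid=$have_uid expected=$want_uid"
        # 2. Nothing should have the "anyone" write bit (the last 7 in 777).
        find "$dir" ! -type l -perm -0002 -exec echo WORLD-WRITABLE {} \;
        # 3. No PHP scripts and no files with any execute bit set.
        find "$dir" -type f \( -iname '*.php' -o -iname '*.phtml' \
            -o -perm -0100 -o -perm -0010 -o -perm -0001 \) \
            -exec echo SCRIPT {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree: a 777 upload directory holding one image and one
# PHP file, which is the situation the thread warns about.
make_sample() {
    root=$(mktemp -d)
    mkdir "$root/images"
    : > "$root/images/photo.jpg"
    : > "$root/images/gallery.php"
    chmod 644 "$root/images/photo.jpg" "$root/images/gallery.php"
    chmod 777 "$root/images"
    echo "$root"
}

# Demo on the constructed sample; the current user stands in for www-data.
sample=$(make_sample)
audit_upload_dir "$sample" "$(id -u)" || true
rm -rf "$sample"
```

On a real Debian or Ubuntu server the call would be `audit_upload_dir /srv/www/path/to/folder "$(id -u www-data)"`.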
