Find the answer to your Linux question:
Results 1 to 4 of 4
I'm wondering if anyone can give me some advice on ownership and permissions for web folders for Apache. All my web folders were owned by root root. I changed that ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Oct 2006
    Posts
    43

    Question Web Folder Ownership and Permissions for Apache


    I'm wondering if anyone can give me some advice on ownership and permissions for web folders for Apache. All my web folders were owned by root root. I changed that to www-data www-data (my Apache group and user). I did this so I could change the permissions on some upload folders to 775, instead of 777, which they were before.

    However, it occurs to me now that, if Apache gets hacked somehow, the hackers could, conceivably, alter the contents of all my web folders, whereas before with the owner being root root, the only folders that could have been altered were the upload folders. However, I suspect with 777 permissions, the chances of those upload folders being compromised were much higher than they are presently for the web folders.

    This is not a situation where I am offering a service to clients. I have read that in that case I should have the web folders owned by the client user, so they can upload to them, etc. Am I better off to create a separate user account anyway, and assign ownership of the web folders to that user (in which case I would have to return to 777 permissions), or is what I have done a good solution?

  2. #2
    Linux Guru coopstah13's Avatar
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    chmod 644 the files if they are html, if they need to be executed AKA perl scripts, php scripts, chmod 655

  3. #3
    Just Joined!
    Join Date
    Oct 2006
    Posts
    43
    My question wasn't as much about the permissions on my webfolders in general, but on certain specific folders that php uploads to that require quite loose permissions, and on what group and user should own my web folders. However that is a helpful answer and I will check my general permissions as well.

  4. #4
    Linux Guru coopstah13's Avatar
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    just make the folders that aren't being uploaded to write protected
    if you have a folder that needs to be written to, i don't really know of a way to stop someone from overwriting the files, other than in the php script you would want to check if the file existed already, if it did, throw an error

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •