• jcash

    (@jcash)


    I am a new WordPress user with a file permissions and ownership question. I am running WordPress 1.5 on Fedora Core 3 and was able to install and get up and running quite easily (great install documentation). I started to change file ownership and permissions in order to get my themes to be recognized, and seem to have messed up my entire installation. When I view my address I am getting nothing but a blank HTML page; that is, there is no content between the body tags. I believe this has to do with my root directory permissions, but I have not been able to remedy the situation. Could someone with a working 1.5 installation relay their file permissions and ownership information? I have found this info for 1.2, but the directory structure has many differences. Thank you much.

Viewing 8 replies - 1 through 8 (of 8 total)
  • 644
    /wp-admin/*
    /wp-includes/*
    /wp-images/*
    All files at root
    Default plugins

    666
    All theme files

    That’s from a working 1.5 testblog

    And ownership? Me, not apache.

    I am using a shared server and wonder about group privileges. Should I consider using 604 rather than 644, and 606 rather than 666?

    If you set 604, then _anyone_ can write to the file, so the 0 for group access seems kind of silly, doesn’t it?

    If you can assign group ownership of files to the group used by your webserver (www-data, or nobody, or nogroup, perhaps?) you could then permit that group to write to the files and deny write access to the “everyone” class.

    But what does that buy you? If someone on your host knows the exact location of a file, they could write a script that executes from their account’s website to write to your files. The write operation would use the effective group ID of the webserver, which you specifically permitted to write to those files…

    I am confused.

    On Apache, if I set permissions to 604 (rw____r__) then only the owner can write to the files, isn’t this correct?

    If I use cgi-phpwrap, then I do not need to give access to nobody or group, I can close the php files off from group and world, isn’t that right? What do I need group access for?

    I tried setting my php files to rw_______ (600) and everything seems to be working fine. I can’t access the files directly with a web browser, and I don’t understand how someone else on the server could access the php files?

    If anyone knows of a really good tutorial on WHAT permissions to set, in what situations, I would really appreciate it.

    If you’re using a cgi wrapper and suexec, you can make everything 644. File permissions are probably not the problem though (at least, not the only problem). If you are using FC3, you are likely bumping up against SELinux. Launch system-config-securitylevel as root and go to SELinux->HTTPD Service. Tweak the settings there. You can simply bypass SELinux for HTTPD by checking “Disable SELinux protection for httpd daemon.”

    The shared server is a BSD system.

    This is the thing: I want to give as little access as possible to my directories and files using permissions. The rest of the customers on my server (the group) can browse through any time unless I set file permissions to prevent it. They aren’t much of a threat, but I like privacy, so I want to set group to 0 (zero), no access, whenever possible. Ergo, 604 rather than 644.

    My sftp program can be configured to upload with specified file permissions, so I am trying to come up with a set of rules for permissions for various file types.

    html 604
    jpg/gif/png 604
    js 604
    css 604
    php 600
    txt 600
    assorted files like lbi that are only being stored 600
    default (directories and everything else) 705

    Does this clarify what I am trying to do?

    You were correct about 604 being read-only for everyone; sorry. Octal always makes me woozy.

    Personally, I like all the files in my web space to be owned by my user account. That’s just me (and it’s greatly facilitated by the fact that I own the server!). As such, I like to give Apache write access to some things by use of the group ID used by the webserver. In this way, I can own the files, but Apache can modify them. It bugs me to no end to have Apache create files that I can’t edit/delete/whatever with my user account.

    In your case, still, 604 doesn’t provide you any more security than 644: everyone can still read the file! People in the same group (controlled by the middle 0) can still read the files by way of the everyone bit (the final four). Unless I’m mistaken, which has already been proven to occur. =)

    If you set 600 on PHP files, then the webserver process will likely be unable to read your PHP files, since the webserver does not own the files. Unless your webserver does in fact have ownership of the files in question.

    There isn’t much of an advantage to 604 over 644, except that with 644 the other users can browse through the directory’s structure with their ftp programs and read files they find interesting. It is the access to the complete directory structure and ease of browsing that are undesirable. The world does not have this type of access because I have set up noindex in the htaccess file.

    The 600 php files for WordPress seem to be working so far, although I haven’t tried everything, so there may be a problem lurking somewhere.

  • The topic ‘1.5 file permissions and ownership’ is closed to new replies.
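
Added example (not part of any post in this thread): a small Python model of how a POSIX system applies exactly one permission class to a process (owner first, then group, then other), run over the modes discussed above. The UIDs, GIDs and actor names are constructed, the other customers are assumed to share the file's group as described in the thread, and root and ACLs are ignored.

```python
import stat

def access_class(file_uid, file_gid, proc_uid, proc_gids):
    """Pick the single class POSIX applies: owner, else group, else other."""
    if proc_uid == file_uid:
        return "owner"
    if file_gid in proc_gids:
        return "group"   # group members never fall through to the "other" bits
    return "other"

def allowed(mode, file_uid, file_gid, proc_uid, proc_gids):
    """Return the set of 'r'/'w'/'x' a process gets on a file with this mode.
    Simplification: uid 0 (root) and ACLs are not modelled."""
    cls = access_class(file_uid, file_gid, proc_uid, proc_gids)
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    bits = (mode >> shift) & 0o7
    return {c for c, b in (("r", 4), ("w", 2), ("x", 1)) if bits & b}

# Constructed IDs for a shared host: the account owner, another customer in
# the same group, and a web server running as an unrelated "nobody" user.
OWNER_UID, CUSTOMERS_GID = 1001, 100
ACTORS = {
    "owner (or PHP run as owner via suexec)": (1001, {100}),
    "other customer in the same group": (1002, {100}),
    "web server running as nobody": (65534, {65534}),
}

def table(modes=(0o644, 0o604, 0o600, 0o666)):
    """Map (mode, actor) -> permission string such as 'rw', 'r' or ''."""
    rows = {}
    for mode in modes:
        for name, (uid, gids) in ACTORS.items():
            perms = allowed(mode, OWNER_UID, CUSTOMERS_GID, uid, gids)
            rows[(mode, name)] = "".join(sorted(perms))
    return rows

if __name__ == "__main__":
    for (mode, name), perms in table().items():
        sym = stat.filemode(stat.S_IFREG | mode)
        print(f"{sym} {mode:03o}  {name:40} {perms or '-'}")
```

Whether 600 works for PHP files depends on which row the PHP process falls into: run as the owner it can read them, run as the web server's own user it cannot.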