.htaccess permission?

  • I’m wondering if I should leave the permission for .htaccess at 666 at all times or just when I want to modify the permalinks structure?

    Really I don’t plan on ever changing the permalinks structure again, so is it cool to change it back to 644?

Viewing 4 replies - 1 through 4 (of 4 total)

  • If your file is world writable then anybody (a script running on the system) logged into the system can change your .htaccess file. This is a risk if you share a server with other people. They could write such a script and have it mess with your files.

    There are 2 things going on here. One is permission for people to pull up that file in their browsers (really, that’s permission for your webserver to serve that page), and the other is permission for other people logged in to that machine to read and write that file.
    The first is probably prohibited in the server configuration. It’s pretty common for people to put something in apache configuration files to prohibit from serving any file that starts with “.ht”. In fact, I think that’s default in a lot of setups. That may be why you can’t pull the page even when you don’t specifically deny it in your .htaccess. I think you’re alright here.

    The other kind of security needs a little work. I recommend a permission setting of 644 on your .htacess. The first digit is for permissions of the owner of the file. 6 is 4+2. The 4 is for reading, and the 2 is for writing. (and the 1 that’s not there is for executing). the second digit is for people in the group that owns the file. You may as well give this 4 for read access. The third digit is for all others. You need to give this a 4 so that the user that runs the webserver process (probably ‘nobody’)can read the file in order to determine what special stuff you’re doing in it.

    That’s a pretty quick summary, but you can search google for more on unix file permissions and use of chmod.

    Thread Starter djrockwell

    (@djrockwell)

    Excellent…thanks for the explanation. I wasn’t sure if having the permission set at 644 would interfere with WP creating a new permalink for a new post, or if you need to use 666 ONLY to modify the actual permalink structure.

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.remarpro.com Admin

    Since WordPress 2.0, the actual contents of the .htaccess file does not change even if you do change the permalink structure. So once you’ve set it and have the correct values in the file, you can set it to 644 and forget about it. It won’t ever need to change, even if you later modify the permalinks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘.htaccess permission?’ is closed to new replies.