I am using VSCode for my editor, but whenever I want to save the file, it always requires a password. I've searched for some of these related topics, there are some solutions I get that is giving full access to my code editor or changing folder permissions. I prefer to change permissions because giving root access to the code editor is more dangerous, but I am still confused because there are some permission options like using the 777 or 755 permissions, which one is the best fit for my case? I appreciate your answer.
Related
I have implemented a restful API where i receive a website and return path to screenshots
I am using PhantomJS v 2.0.0 development to make the screenshots. I am making a console command that is executed with a secured, system()-like function. I use SU to log as a user 'phantomjs', which is restricted to use only specified commands, and then call my phantomjs script to render webpages as jpegs. The files outputted are owned by 'phantomjs' and have permissions set to 644. We have added the user 'phantomjs' to group www-data.
We are putting lots of webshots in a directory, and separate them alphabetically in sub-directories.So far so good. Our work scenario requires that we occasionally delete webshots.
So i implemented a restful delete-api which clients can use to delete their webshots. The real problem emerges from the fact that the files are owned by 'phantomjs' and with permissions set to 644, we can't delete the files through www-data. Since 'phantomjs' is in the same group with www-data, we need the permissions to be set to 664 in order to be able to unlink() those.
We wouldn't like to allow the user 'phantomjs' to use chmod or rm, because this would go against our design idea to restrict the user maximally, since this user runs shell commands.
We don't like the solution to run a cronjob that changes file permissions, because the server is pretty busy, and this solution is very undesirable and should be our last resort/
We tried using ACL making every file in webshots/ dir to have default permissions of 664, but this didn't work with our NFS as expected. Upgrading the NFS is not an option for me right now.
We tried umask 002, but this worked only with files created through the shell, so it couldn't help us either.
I've noticed that if i save an empty file through sublime-text , file permissions are 664.
If i save a screenshot with phantomjs, f.p. are 644.
My questions are:
-What governs default file permissions, the running process itself or some user preferences from which you run the application?
-Can you give me any more ideas how to delete webshots securely or make 'phantomjs' owned files have perms 664 without giving the user too much 'dangerous' permissions.
Any help would be highly appreciated.
Thank you.
I have looked around a great deal on the Drupal forum and elsewhere but I cannot yet resolve this.
I have had to reinstall a large, fully functional site (Drupal 7.18) onto a new server. This has gone very smoothly. However, I do not seem to be able to set permissions for my sites/default/files directory in a manner that keeps it accessible and safe when browsing using the IMCE file browser.
Usually I set sites/default/files (and subdirectories within it) as 755, with files within these directories as 664. This works well on many other Drupal 7 sites I have built.
HOWEVER in this case, with these permissions I get the message "Unable to get a working directory for the file browser".
Only by setting directory permissions as 777 can I browse the files in these directories using IMCE - and I know that is really bad practice on shared hosting.
Please can someone advise on troubleshooting this? I have spent hours but I am getting nowhere.
I wonder if the ownership of the files and directories themselves is wrong. If they are wrong, can anyone direct me to step-by-step instructions for changing them?
Examining the 'problem' files and directories using FireFTP, I see
that both user and group names are the same as the FTP username that
was given me by my web host.
Looking at another Drupal site that works properly, I see that files
and directories in sites/default/files are set to user 531/group 528.
Thanks in anticipation! I am running D7.18 on PHP 5.2.10 with extensions enabled. Everything else seems to be working very well indeed. However, I am not sure I have the Apache or Linux skills needed to resolve this, or even to ask my hosts the correct questions ...
755 basically means that only the owner of the files can modify them, so you could try changing the directory permissions to 775 so that the owner and group can modify.
If you are using shared hosting I suggest you ask your hosting provider to help as they will have a better understanding of the users and groups on the server.
Cheers
I'm using a shared webserver on which I can manage FTP accounts. I'm wondering how to set access restrictions a folder,
Say I have a file in:
www.somepage.com/ftp/import/
which is named someData.txt
Why is it that I can access this file by hitting:
www.somepage.com/ftp/import/someData.txt
If the file is just lying there, why make an FTP user with login/password to access it. If I check the file restrictions, public has read/write/execute/sticky, so I don't understand why I can just pull the fill by hitting it's URL.
Article on permissions
Try using chmod to change the permissions on your files/folders on the server through command line/terminal. It seems like your permissions are currently set to 777 which allows anyone to do anything.
7 allow user to read/write/execute
7 allow group to read/write/execute
7 allow world to read/write/execute
You would probably want to use something like 770 which will prevent anyone except the user and groups doing anything to the files and folders. These permissions are pretty important for security as you could be the victim of an attack if they aren't set properly.
I am new to Joomla and have been given the task of supporting a site that was created in Joomla 1.5.25. They keep getting errors that files are not writable. They also can't add or delete anything to and from the media manager even in a Super Administrator account. I was able to override these errors with changing folder permissions from 755 (Joomla's recommended permission set) to 777, but was wondering if there is a better way of going about this (I don't want to leave a security hole on their site with the 777 permission set). From what I have read through my research is Joomla permissions requirements can vary based on your hosting company, so I want to get other peoples input before I give my hosting company a call.
On a side note, is there a way of getting the error messages to display longer then 2 seconds?
Why don't you try changing the permissions only to the folders that are written to temporarily? Another solution is to find out under which user apache is running and make sure that user is the owner or at least in a group that owns your Joomla! directory.
This is installed on a Unix system I don't have direct access to, but can get insight on by sitting with a network team.
The problem is this, I have 3 folders I need access to, read and write. The problem is, I only have access to 1 of them, and only read. This is via ColdFusion, I can get into them fine with the user they are assigned to (and the CF server runs on, which is the "www" user).
I CAN read and write to the temporary file directory, the place files are stored before they are moved to the destination directory (SERVER-INF/ etc etc etc), but that's not helpful. I have tried having the network people set the permissions for the other folders to the same thing, but with no results. The current settings of the folder I can access are rwxrws--- and the other folders are rwxrwxr-x, so I should have more permissions ( the "s" is not a mistake in the first folder).
We have tried setting the other folders to 777 and we did not even get read capability. Does the server need to be restarted on a Unix box after setting new permissions for ColdFusion to be able to get to them? I'm out of ideas right now, I'll take any new suggestions.
TL;DR
All using ColdFusion
temp directory - can read and write to
folder 1 - can read from (including subdirectories)
folder 2 - cannot read or write to (permission denied)
folder 3 - cannot read or write to (permission denied)
Goal: Get upload functionality working.
Edit: Server using apache
Just a random guess... Have you checked that paths you are trying to access are fully correct? They should be absolute for file operations, and www user must have X permissions on the all path directories -- to enter them.
The problem ended up being a restart was required after setting the new folder permissions. We didn't think this was an issue on a Unix box, however ColdFusion apparently did. This worked.