I'm running into user group and permission issues restoring a site to Google Compute Engine from the VaultPress backup solution; I'm being told it's related to permissions and the SSH user not being able to write new files.
Can you suggest what permission/ownership change I should make so that my local user can write and edit file changes within a WordPress instance, by default all directories and files within the site belong to the www-data user and group. Thank you for your time :)
Related
What has me confused is why a directory or part of my Drupal site to suddenly return the message of "Forbidden" - that I, as first use, cannot access various parts of the site in the admin area. I changed the permission on the default/sites/files directory to 777. That probably is giving to too much access to everyone. However, it was only after doing that, that I got a message of Forbidden - that I don't have access to various parts of the admin area. I am the first user.
I changed the permissions on this directory because when I tried to update some modules, I got an error that file could not be created.
I have cpanel/whm on a dedicated vps server. So, one issue is how to find out what the user and group ownership should be on a server that hosts various domains through cpanel. It appears that for other accounts have user:owner permissions that match the account name. I am not sure if the default group:owner should remain as www-data:www-data for example, on Ubuntu or if cpanel/whm says, "make the apache group and user equal to the account name."
Thanks in advance for any help,
Bruce
First of all, I'm going to assume you're talking about Drupal 7, but really, there's little difference in this case.
Try reading about permissions here
Its very simple that the folder should have user:user ownership and correct permissions with folders having 755 permissions respectively. The server might be running on suphp hence you cannot have wrong user with wrong permissions.
I'm using a shared webserver on which I can manage FTP accounts. I'm wondering how to set access restrictions a folder,
Say I have a file in:
www.somepage.com/ftp/import/
which is named someData.txt
Why is it that I can access this file by hitting:
www.somepage.com/ftp/import/someData.txt
If the file is just lying there, why make an FTP user with login/password to access it. If I check the file restrictions, public has read/write/execute/sticky, so I don't understand why I can just pull the fill by hitting it's URL.
Article on permissions
Try using chmod to change the permissions on your files/folders on the server through command line/terminal. It seems like your permissions are currently set to 777 which allows anyone to do anything.
7 allow user to read/write/execute
7 allow group to read/write/execute
7 allow world to read/write/execute
You would probably want to use something like 770 which will prevent anyone except the user and groups doing anything to the files and folders. These permissions are pretty important for security as you could be the victim of an attack if they aren't set properly.
I am new to Joomla and have been given the task of supporting a site that was created in Joomla 1.5.25. They keep getting errors that files are not writable. They also can't add or delete anything to and from the media manager even in a Super Administrator account. I was able to override these errors with changing folder permissions from 755 (Joomla's recommended permission set) to 777, but was wondering if there is a better way of going about this (I don't want to leave a security hole on their site with the 777 permission set). From what I have read through my research is Joomla permissions requirements can vary based on your hosting company, so I want to get other peoples input before I give my hosting company a call.
On a side note, is there a way of getting the error messages to display longer then 2 seconds?
Why don't you try changing the permissions only to the folders that are written to temporarily? Another solution is to find out under which user apache is running and make sure that user is the owner or at least in a group that owns your Joomla! directory.
I'm running apache and my php site uploads images to the server. should apache upload dir have 777 permissions or belong to www-data user? How would this affect backing things up?
I think read + write permission is enough. read for backup, write for upload. It seems that no one ever need to execute anything.
And you should only grant permissions to who really need them. For example, grant write permission to www-data. And if you use another-user to do back up, only grant read permission to another-user.
You'd better avoid using 777
That depends on what you need from it. You should always use the most restrictive permissions that will let you do what you need.
Read the man page for chmod(1) to learn what the various permission bits mean. And maybe provide some more detail about your situation, so someone can provide a specific answer for you.
First and foremost the apache server needs to run as a non-privileged user. Second the upload directory should only need 600 as the permission (rw) iirc. This will allow the user that is running apache to write to that directory. The practical attack against a web server is to trick it into writing to a directory and having it execute the code that is placed there.
Could someone please explain owner/group/public permissions on files and directories in a web environment.
My current understanding is that "Owner" is the person who created the file.
Group, presumably are permissions granted to any user in Group 'Foo', and Public is, well, everyone.
What I don't quite get is how this translates to a web environment.
Are "Public" users people who visit the site as guests? What about groups? And what are the risks of having a file CHMOD'd to 0777 - what could a public user do with a file if they were given execute permission - surely this is the same as just accessing a script directly (foo.com/bar.php)
hopefully this is clear enough
thanks for any insight.
Your web server is running under a specific user. When someone accesses a file on a server it typically goes through the user associated with the web server. Try writing a script that actually create a new file, see who the owner is.