Viewing Thread:
"File permissions - help, please?"

Hi

As several others have noticed, files on the Freeola web servers, that are updated by php scripts, have had to have their Unix permissions changed. I've had to set mine to 777 to get some of my scripts working. But I thought that:

a) these numbers relate to owner/group/everyone
b) 7 is the most 'open' option
c) so 777 gives *everyone* full read/write/whatever access. This sounds pretty insecure to me.

Isnt the php script the 'owner'? I thought it was, so I'd only needed to give access to the owner previously. Freeola support tell me that I need to give access to 'group' and 'everyone', because of the upgrade, which has made my site 'more secure'. But it seems to me to be *less* secure, to give everyone full access.

I'm obviously not understanding something here. Can someone explain?

Thanks in advance ...

Hi

As several others have noticed, files on the Freeola web servers, that are updated by php scripts, have had to have their Unix permissions changed. I've had to set mine to 777 to get some of my scripts working. But I thought that:

a) these numbers relate to owner/group/everyone
b) 7 is the most 'open' option
c) so 777 gives *everyone* full read/write/whatever access. This sounds pretty insecure to me.

Isnt the php script the 'owner'? I thought it was, so I'd only needed to give access to the owner previously. Freeola support tell me that I need to give access to 'group' and 'everyone', because of the upgrade, which has made my site 'more secure'. But it seems to me to be *less* secure, to give everyone full access.

I'm obviously not understanding something here. Can someone explain?

Thanks in advance ...

I wrote this in answer to a question on this BB yonks ago. Sounds to me that the new solution is a lot more 'unsecure' that the previous.

So I agree, by giving it 777 privledges, it means that everyone has full access to the file.



>>
>>
just did a quick search on the web and found this site...

http:// webhelp.usit.net/ tutorial/ unixfile.html

seems to explain it well enough.

basically...
- the owner owns the file (1st digit)
- the group is everyone in the same group as the owner (2nd digit)
- other is everyone else (3rd digit)

access can be granted in any combination as follows
- read only (value of 4)
- write (value of 2)
- execute (value of 1)

731 =
owner has full access/group has write & execute/other has execute

as to what directories/files should get what settings? Thats down to you. The bare minimum, just as long as the code works.

that's a start anyway.
cheers
ajg

The reason for this is that yes the scripts will be unsecure but the web files will not. The problem is if you let the scripts run with less permissions then PHP will have more access to other users files. A very bad idea.

Bob - Sorry, but I'm still not clear on this.
-
What I want to achieve is that:
For my visitors, all but one or two of the files are read only.
-
The exceptions, i.e my bulletin board text files and my hit counter file, must obviously be available to open and write to, but only via the relevant php scripts.
-
I had assumed that my scripts took on "owner" status, so that a permission of (say) 611 would be OK for my hit counter text file. So, in my view, the script that adds one to the number and then rewrites the file, is the owner, so it is allowed to do that. But since the upgrade, I've had to change the permission on the text file to 777 even to allow the script to update it. This is what doesnt sound right. Why should "everyone" be able to write to the file, now?
-
What's even more puzzling is that when I use the chmod command to change a file's permissions, *all* the files in my webspace change to that permission level, and not just the file I'm changing. This is with WSFTP, by the way.
-
Can you explain some more; in particular let me know what permissions I should use to achieve my requirement; and why can I not change permissions for an individual file without blatting all the others too?

If a file needs to be write to by the web server (hit counter/buliten board) then it needs the everyone write permission. This is because the web server runs as the user nobody for security reason. As such nobody is not party of the group that your user is in. Any file that needs to be read by the server needs the everyone read permission and any script needs the everone read and execute perms.

Aha - just answered one of my questions, I think. WSFTP does not show me the current permissions of a file, it just repeats the settings I last used. Pretty misleading. So thats why it looks as though I'm changing all the files.

I'd get a beetter program. I used to use Cute FTP but now just use IE6. Its great because it just feels like you are moving files around your machine and you can change perms with it.

Tell me more! I didnt know IE6 could do that ...

Is it in the help files somewhere?

Ftp in by useing:

ftp://[email protected]

Or the following for classemail:

ftp://[email protected]

Then right click on a file and click properties. Then you can change the perms.

Andrew, what settings are 777 in IE6??

As you know they have the tick-boxes for User/Group/Everyone to Read/Write/Execute.

What tick combination do I need??