Originally Posted by
Jacob72
OK, I take your points.
I would be grateful to know how you manage your sites as the root user. I am not used to dealing with permissions.
Thanks
By using the chown and chmod utilities. Use "man chmod" or "man chown" for the manuals on how they are used. For better examples, search the Internet for better explanations such as the catcode site.
The following examples should not actually be used for your site. They are examples to understand the process.
This example will set the ownership (individual and group-level) to be owned by the user "root" and the group called "www-data" for all .html files in the current working directory.
Code:
chown root:www-data *.html
This example sets the file permissions for every .html in the corrent working folder to Read/Write (6) for the specific owner, Read-Only (4) for the owned group and Read-Only (4) for everyone else.
Here are the same commands but instead of assuming the current directory, the exact path is used to ensure the action is not performed on the wrong files.
Code:
chown root:www-data /var/www/*.html
chmod 0644 /var/www/*.html
If all the files in the specified folder and all sub-folders need to be set, this is how it can be done using the recursive option:
Code:
chown -R root:www-data /var/www/*.html
chmod -R 0644 /var/www/*.html
Great care should be taken whenever you use wild cards (*) and recursion (-R). In some cases, you might need to run multiple commands to make sure all permissions are set correctly. For Example:
Code:
chown -R www-data:www-data /var/www/*
chmod -R 0664 /var/www/*
chmod 0666 /var/www/uploads
chmod -R 0444 /var/www/images/*
chmod -R 0444 /var/www/*.html
chmod -R 0444 /var/www/*.htm
The above sets ownership for all files under the /var/www folder to www-data.
It then sets permissions for all files under the /var/www to Read/Write for www-data and Read-Only for everyone else.
It then sets the upload folder to be Read/Write for anyone.
Then all images and html files are set to Read-Only for everyone.
Once I have my permissions setup correctly to ensure the site is usable with the least amount of permission necessary, I then write a bash script to set those permissions and schedule them via cron to run on a normal basis to ensure the permissions remain correct even if somebody messes them up.
LHammonds
Bookmarks