Giving Ownership/Rights properly on Ubuntu/Linux

StackOverflow https://stackoverflow.com/questions/17658462

  •  03-06-2022
  •  | 
  •  

Question

I'm currently facing alot of issues with giving rights/ownership on Zend Server. I always do a

chown user -R path/to/file

and

giving 777 to fodlers and file then end up with lots of 777... with some not needing that 777, If there is a user to zend server, i hope i could just give it ownership to everything .... so i dont have to 777 so many stuff

So far giving rights/ownership is fixing and CREATING issues with zend servers ...which is why i 'm here :(

I'm also having issue debugging, when an error occurs i'm not sure how to check what caused it. I do read forums people doing a -debug behing their command. Sometimes i'm also not sure which file to give permission to. I realise my zend server is a User itself i believe...

any advice or guide would be greatly appreciated.

I have these as users 

zend:x:106:112::/usr/local/zend/gui/lighttpd/:/bin/false
root:x:0:0:root:/root:/bin/bash

and many others. I think daemon and zend is related to zend server.

Was it helpful?

Solution 2

Just a note when giving permission for web server.

Permissions are simple. You just have to remember there is read write and execute permission in *nix. You won't need the execute permission in any of the script files but all folders must have execute permission. That leaves you with the read and write permissions. You will need read permission for all the files and folders. You will only need write permission only to the folders and files which need to be changed by the web server. Basically you will need read write and execute permissions for temp folder, and if you are using file upload then the folder where you store the files. You may need to have write permission only to files which needs to be changed by the web server (for simple sites these may not be there).

OTHER TIPS

You should NEVER make a file executable (bit 0 set) that is not an executable shell script (CGI scripts such as PHP do NOT need execute permission), setting it to 777 is just plain lazy and dangerous from a security perspective.

I often run the following to correct permissions on a web folder:

chown username:groupname * -R
find -type d -exec chmod 755 {} \;
find -type f -exec chmod 644 {} \;

This will give all directories:

  • read permission by the owner, the group and anyone else
  • write permission by the owner only
  • execute permission which allows entering them and listing of their contents.

And it will give all files:

  • read permission by the owner, the group and anyone else.
  • write permission by the owner only.
  • no execute permissions at all.

If you can add the Apache/HTTP server user to the user's group (usermod -G apache -a username), you can tighten this even further to 750 and 640 which will prevent other users from being able to read the web files (this can be bypassed via the webserver though depending on the server configuration).

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top