chmod folders or files after install?

Permalink
I made my folders writable to install by

chmod -R ug+rwX config files updates packages

But I was wondering, should I change the permissions (CHMOD) on these folders *after* I install for security purposes?

For example, with Wordpress I might make my config file 777 to install, but after installation I change it to 644 or even 444.

View Replies: View Best Answer
Mainio replied on at Permalink Best Answer Reply
Mainio
If you want to use the file manager to upload new files and install the packages straight from the UI, your web server process should have write permissions at least for /files and /packages folders. I think after installation this is pretty safe way to go (write+read for your web server process):
- /files (+ all its subfolders)
- /packages (+ all its subfolders)
- /updates (+ all its subfolders)
- .htaccess

Some add-ons also require other folders, such as Designer Content which requires write access to /blocks. Also, some add-ons might be changing your configuration in /config folder.

Then if you want to do compare, you should have execute access to this file for your web server process:
/concrete/libraries/3rdparty/htmldiff.py


Best,
Antti / Mainio
nicolechung replied on at Permalink Reply
So it would be something like:

CHMOD -R ug+rw folders packages config blocks updates .htaccess


i.e. users and groups can read, write, but not execute?
Mainio replied on at Permalink Reply
Mainio
Yes, and if you want to run the htmldiff-library also:
chmod ug+x concrete/libraries/3rdparty/htmldiff.py


And these work only if the folders are owned by the web process user or the web process user belongs to the owner group of these folders because you're using "ug".
nicolechung replied on at Permalink Reply
Does the web server count as "others" or "groups"?

I found if I make the files folder anything other than 777 I can't upload or delete files...is there anything less permissive I can set it to?

Like, if I try to remove read-write-execute for others on files

chmod o-rwx files

Nothing works.

I seem to have to add back "read", "write" and "execute" for files otherwise I can't upload or delete files from the files manager.
Mainio replied on at Permalink Reply
Mainio
In your web root:

chown -R your_own_user:web_server_user_group .


That will change ownership so that the group that your web server process belongs to (usually it has the exactly same name) to those files/dirs.

For "u" to access those, the user needs to own those files, and for "g" to access those, the group needs to own those files.

If you check with:
ls -la


You can see the current owner user before the ":" character and current owner group after the ":" character. I suppose your web server process user is neither of those.