What permissions should the other directories have?
I've stuck my updates/ directory at 777 because my stupid host won't give me SSH access to give ownership to the web server. This is clearly a security risk. What's the alternative? The server has mod_suexec installed.
Help would be much appreciated :)
I installed c5 by unzipping and uploading the directory structure (a long and laborious process!). I made files/ and updates/ 777 via FTP, because nothing else seemed to work, but now I've updated it to both 188.8.131.52 and 184.108.40.206 but their entire directory structures are 777, which is clearly no good :(
Any help would be appreciated. I'm strongly considering moving host, but if I can avoid it for now that would be helpful.
The quickest way to get all of the information about the environment and the server is to create a simple .php file named anything you want (e.g., phpinfo.php) with the following lines.
Include the <?php and ?> tags just as they appear. Put that file at the root of your concrete directory and then access it with a web browser (e.g., http://www.mysite.com/phpinfo.php). You should get a long report with all kinds of information. Scroll to the section apache2handler, and look for the row labeled User/Group. That will tell you if the web server executed your file with your user/group information or not.
If you were at 5.4.0, you should have been able to perform the entire update all from within c5. The web server would have downloaded the update to the updates folder for you, which would have been faster and easier. One of the reasons updates are now handled this way is to avoid the kind of problems you are experiencing.
As I say, I have upgraded from 5.4>220.127.116.11>18.104.22.168 all within c5, but it only works if the updates/ directory is chmodded to 777.
Is there a blanket ownership change I can make to the whole c5 directory to get this to work without needing 777 permissions? I ask because the host will only change ownership on their side (I have to email them), so if I can fix it in one fell swoop that would be good.
If you are the owner of the updates directory, it makes sense that the web server couldn't store and install the update unless you used chmod 777. If the web server installed the files, they should be owned by the web server, though. So, I'm not sure I understand what is going on.
There is no way for you to change the user/group of the files/directories. When you are logged in and creating files or directories, they will be created with your user/group. There is no way around that. The host will have to change that for you.
If you really are the owner of all of the files and directories, 777 would only be needed during an update. You could change that to 775 for almost all directories and files. Some directories, such as files, would still need to be 777, because the web server writes to them.
If your host is willing, the ideal solution would be to set the group of all files and folders to nobody and to set the owner of all files and folders to your username. Then, you could set the permissions to allow yourself and the nobody group to access the files and turn the privileges for "other" off.
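The ownership scheme suggested in the reply above (you as owner, the web server's group, nothing for "other"), as an added shell example that is not part of the original thread. The function names, the 750/640 and 770/660 modes, and the choice of files/ and updates/ as the only group-writable directories are assumptions; the chgrp step normally has to be run by the host.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and modes are assumptions.

# Print every file or directory under $1 that "other" can write to.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Set directory mode $2 and file mode $3 on everything under $1.
set_modes() {
    find "$1" -type d -exec chmod "$2" {} + &&
    find "$1" -type f -exec chmod "$3" {} +
}

# Owner = you, group = web server, "other" = nothing.
# $1 = site root, $2 = web server group ("nobody" in the thread); "" skips chgrp.
tighten_tree() {
    root=$1
    group=$2
    if [ -n "$group" ]; then
        chgrp -R "$group" "$root" || return 1   # usually only the host can do this
    fi
    # Code: owner writes, group (web server) reads, other gets nothing.
    set_modes "$root" 750 640 || return 1
    # Only the directories the web server must write to get group write.
    for d in files updates; do
        if [ -d "$root/$d" ]; then
            set_modes "$root/$d" 770 660 || return 1
        fi
    done
}

# Usage: sh tighten.sh /path/to/site            -> audit only
#        sh tighten.sh /path/to/site nobody     -> audit, then tighten
if [ "$#" -ge 1 ]; then
    list_world_writable "$1"
    if [ "$#" -ge 2 ]; then
        tighten_tree "$1" "$2" && echo "left world-writable: $(count_world_writable "$1")"
    fi
fi
```

Run the audit form first: any path it prints is writable by every account on a shared host, not just by the web server.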
Please advise asap.