Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.
Course Of The Month
8 days, 5 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Linux permissions in the context of web sites
Posted on 2016-09-26
Hi:
I have read and reread a number of articles on permissions and know how to change them, yet I find that I cannot place them in the context of web site development and usage. I do not have access to the server directly since I use a remote Linux shared server.
As the only developer, I am creating a web site with PHP. I need to create directories and files which I transfer through an FTP app on my desktop. All of the web site scripts and data files are in the URL-accessible server directories, except the uploads directory that is private (between the URL-accessible web directory and the root directory).
1. The only developer, where I create directories and files, use the web site app, upload image files from the web site and the FTP app, and manage the directories and files through FTP.
2. The web site user, who uses the web site forms and reads data on the web pages. They may not upload any files. They have no personal access to the directories and files.
3. Specific web site users, that is registered members, are like user 2. except they may upload image files to the server.
What is an permission 'owner'? Me as developer, the server, or the scripts?
What is a 'group'? Me as a developer, only other developers if there were some, registered members?
And is 'other' the regular non-registered users - ie anybody using the app?
For each of these groups 1 through 3, what would be the rwx permissions for the directories and files that they have access to?
If another developer joins me and I want to have secure directories and files that this second developer must not have, how would this change the permissions?
Much appreciated :)
I have read and reread a number of articles on permissions and know how to change them, yet I find that I cannot place them in the context of web site development and usage. I do not have access to the server directly since I use a remote Linux shared server.
As the only developer, I am creating a web site with PHP. I need to create directories and files which I transfer through an FTP app on my desktop. All of the web site scripts and data files are in the URL-accessible server directories, except the uploads directory that is private (between the URL-accessible web directory and the root directory).
Directory structure:
/
-private directory (Non-URL accessible - for uploads)/
-files
-sub-directory/
-files
-web directory (URL accessible)/
-sub-directory/
-files
-sub-sub-directory/
-files
1. The only developer, where I create directories and files, use the web site app, upload image files from the web site and the FTP app, and manage the directories and files through FTP.
2. The web site user, who uses the web site forms and reads data on the web pages. They may not upload any files. They have no personal access to the directories and files.
3. Specific web site users, that is registered members, are like user 2. except they may upload image files to the server.
What is an permission 'owner'? Me as developer, the server, or the scripts?
What is a 'group'? Me as a developer, only other developers if there were some, registered members?
And is 'other' the regular non-registered users - ie anybody using the app?
For each of these groups 1 through 3, what would be the rwx permissions for the directories and files that they have access to?
If another developer joins me and I want to have secure directories and files that this second developer must not have, how would this change the permissions?
Much appreciated :)
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
5
4
9 Comments
Active today
Normally with shared hosting you set the permissions thru the FTP account. You are normally the owner. There are no other users on the server except for 'root' which you do not have access to and the web server user which is a very limited user. For any other limits on access, you will have to create those in your code.
To get more actual Linux users for finer control over the file permissions, you would have to get your own server. I have not seen any shared hosting that will allow that.
To get more actual Linux users for finer control over the file permissions, you would have to get your own server. I have not seen any shared hosting that will allow that.
Active today
So does this mean that all my directories and files should have group and other as --- ? Including upload directories and files?
Active today
No. If you did that no one would be able to access them thru the web server. Using my own site as an example, 'normal' file permissions are -rw--r--r (644) which allows you to write files and others to read them. Directories must have the 'x' bit set as shown in the image below.
Active today
Ah! Great.
Just to clarify ..
If my users need to upload images, which would be writing to the server, would that mean assigning rw- to the 'upload' directory and file under 'group' or 'other' or neither?
Just to clarify ..
If my users need to upload images, which would be writing to the server, would that mean assigning rw- to the 'upload' directory and file under 'group' or 'other' or neither?
Active today
Users upload files to a PHP script, not directly to a directory. Writing to the final directory is normally done by enabling 'suexec' on the server. That allows your PHP scripts to write uploaded files to the required directories under your permissions.
On shared hosting, 'group' is almost useless. 'World' or 'other' is what web site visitors are under and it is almost Never a good idea to enable them to directly write anything. Most of the time there is no way for them to do it anyway.
On shared hosting, 'group' is almost useless. 'World' or 'other' is what web site visitors are under and it is almost Never a good idea to enable them to directly write anything. Most of the time there is no way for them to do it anyway.
Featured Post
Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
There are times when I have encountered the need to decompress a response from a PHP request.
This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
Learn several ways to interact with files and get file information from the bash shell.
ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions.
Consider email address RFCs:
Look at HTML5 form input element (with type=email) regex pattern:
T…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month8 days, 5 hours left to enroll
617 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.