[Discuss] file permission execute questions

Eric Chadbourne eric.chadbourne at gmail.com
Mon Sep 30 13:34:15 EDT 2013


------ Original Message ------
From: "Chuck Anderson" <cra at wpi.edu>
To: discuss at blu.org
Sent: 9/29/2013 2:15:21 PM
Subject: Re: [Discuss] file permission execute questions
>On Sun, Sep 29, 2013 at 04:27:41PM +0000, Edward Ned Harvey (blu) wrote:
>>  > From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-bounces+blu=nedharvey.com at blu.org] On Behalf Of Eric Chadbourne
>>  >
>>  > Got a basic question for you. On web servers I usually set files to 644
>>  > (-rw-r--r--). A designer I'm working with keeps leaving files
>>  > (-rw-r--r-x) with the last being execute. Is this bad? Why?
>>
>>  Generally speaking, you're both doing something wrong. Generally speaking, files on a web server should be 640 (rw-r-----)
>>  Where the file owner is an actual user, strongly secured, complex password or no password (ssh keys only).
>>  Set the group to something that apache httpd is part of, and also the user is part of.
>>
>>  Set the group sticky bit on the parent directory and recursively.
>>  sudo chmod -R g+s /var/www/whateverdir
>>
>>  This way, all new files created will belong to the group of the parent directory, rather than the default group of the user account.
>
>You probably want to do that for directories only, not files, since
>you might end up inadvertently giving setgid elevated privileges to
>any scripts/programs under the web root:
>
>chgrp -R apache /var/www/whateverdir
>find /var/www/whateverdir -type d -exec chmod g+s {} \;
>

Most excellent advice.  Gives me plenty to research.

Thanks

--
Eric Chadbourne
http://theMnemeProject.org/
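
The layout discussed in this thread (files 640, setgid on directories only), as an added example that is not part of the original messages. The function names `audit_webroot` and `harden_webroot` are assumptions made for illustration, and the blanket 640 on files follows the thread's general rule, so any script that must stay executable needs handling separately.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical;
# pass the path of your own web root.

# Report regular files that carry the setgid bit or are executable by
# "other": the two conditions raised in the thread.
audit_webroot() {
    find "$1" -type f \( -perm -2000 -o -perm -0001 \) -print
}

# Apply the thread's layout without making any file setgid:
#   directories: 2750 (rwxr-s---) so new files inherit the directory's group
#   files:       0640 (rw-r-----) which also clears setgid and execute bits
# An optional second argument names the group to assign to the whole tree
# (for example the group the web server runs as).
harden_webroot() {
    root=$1
    group=${2:-}
    if [ -n "$group" ]; then
        chgrp -R "$group" "$root" || return 1
    fi
    find "$root" -type d -exec chmod 2750 {} + || return 1
    find "$root" -type f -exec chmod 0640 {} + || return 1
}

# Stand-alone use is audit only and changes nothing:
#   sh webroot-perms.sh /var/www/whateverdir
if [ "$#" -ge 1 ]; then
    audit_webroot "$1"
fi
```

Run the audit first and review its output before calling `harden_webroot`, since the numeric `chmod` overwrites whatever mode each file had.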