Jump to content
Larry Ullman's Book Forums

Assets And Runtime File Permissions


Edward
 Share

Recommended Posts

  • 2 months later...

I believe you are misunderstanding how permissions are used in *nix systems.  Setting the permission 6 (or rw) is not good in general on a directory.  You want 5 or 7.  So 755 or 775 or 777 are the most common ones.  Why?

 

 

  • The read permission grants the ability to read a file. When set for a directory, this permission grants the ability to read the names of files in the directory, but not to find out any further information about them such as contents, file type, size, ownership, permissions.
  • The write permission grants the ability to modify a file. When set for a directory, this permission grants the ability to modify[clarify] entries[clarify]in the directory. This includes creating files, deleting files, and renaming files.
  • The execute permission grants the ability to execute a file. This permission must be set for executable programs, including shell scripts, in order to allow the operating system to run them. When set for a directory, this permission grants the ability to access file contents and meta-information if its name is known, but not list files inside the directory, unless read is set also.

 

 

This is taken from Wikipedia. There are numerous other sources available.

 

Something else you may want to look at is the Umask being set.  That controls the default permissions of new directories/files when they are created.  This is usually set in ~/.bashrc as

umask 022  # default files permissions are 644 and for directories, 755

or

umask 027  # default files permissions are 640 and for directories 750

 

Finally, the last thing to check is in the Yii Framework itself in ./framework/web/CAssetManager.php. There are two settings there that determine how files and directories are created.

public $newFileMode=0666;

public $newDirMode=0777;

 

I changed these to be 0664 and 0775, respectively for more security on the machine.

 

Hope that helps.

Link to comment
Share on other sites

  • 3 months later...

Hope its not too late to chime in here.  There have been some good points raised in regards to file permissions, however you also need to look at the group and owner of your directories and files (which hasn't been mentioned yet).

 

If your site was uploaded via ftp/scp etc to your home directory, and then copied using sudo to your /var/www folder, then chances are the files and folders are now owned by root.

 

For apache to run your site, you need appropriate permissions (755 etc), but you also need the right owner and group.  Apache runs under www-data, so your files and folders should also be www-data.  To make this change for all folders and files in your website, use the following command.

sudo chown -R www-data:www-data /var/www/myWebsite

The -R means to recursivily to files and sub-directories etc.  I have changed the owner and group at the same time, however you can do them separately if necessary.

sudo chown -R www-data /var/www/myWebsite
sudo chgrp -R www-data /var/www/myWebsite
  • Upvote 1
Link to comment
Share on other sites

 Share

×
×
  • Create New...