Guest Posted January 15, 2014 Posted January 15, 2014 What files need which permissions? After looking around I have set my file permissions as follows Directories 705 Files 604 Configs 444 (or at least I'm trying to but for whatever reason the server keeps putting them back to 644 and I'm getting the error message "I am able to write to the configuration file") On the Security Directory Permissions page the Writable column is full of green ticks, the Recommended is mostly red crosses. What do I do?
MrPhil Posted January 15, 2014 Posted January 15, 2014 Directories are normally 755, but can be 705 on some systems. Files are normally 644, but can be 604 on some systems. Just because a certain someone constantly tells people to use 705/604 permissions doesn't necessarily make them correct on your system. If 604 is normal for a file, you want 404 permissions instead of 444 (remove "write" permission from "owner": 6 - 2 => 4). Actually, what is important here is that PHP is unable to write to the file -- it's irrelevant whether you (as the human owner) can write to it. Depending on how PHP is configured on your system (is it Windows or Linux?) and whether it's running as "owner/user", "group", or "other/world"; a "read only" file might be 644, 444, 604, or 404. The fastest way to determine this is by trial and error. If you are using an FTP client to change permissions, many servers silently ignore chmod requests from FTP. In that case you will need to use your hosting control panel to do a chmod. Also, you need to be the file's "owner" in order to do a chmod.
Guest Posted January 15, 2014 Posted January 15, 2014 So I should just ignore the ticks and crosses on the Security Directory Permissions page as long as I have set the file permissions right? They're currently: - Directories 755 Files 604 Configs 444 P.S. Its a Linux Server
MrPhil Posted January 16, 2014 Posted January 16, 2014 Normally you have files and directories read-write for the owner (and PHP, if different), and read-only for everyone else. That's 755/644 or 705/604, depending on the server setup. There's no harm done in having tighter security (fewer parties having write access), so long as it does not unduly interfere with the operation of the site (e.g., having to restore write access in order to upload new product images). The two configure.php files are a special case -- they need to be unwritable by PHP (which may mean unwritable by the human owner too). As you don't want to accidentally erase or overwrite your configure.php files (it's a nuisance to have to recreate them), being normally unwritable by you is not a bad tradeoff. If you understand the ramifications of what permissions you have set for directories and files, set them as you please and ignore what the SDP page says. It's basically there to assist people who aren't experts in file permissions.
Christiane N Posted August 24, 2014 Posted August 24, 2014 Hi, Since this seams to be a serious matter, I just checked what was going on on my server. May I ask if these settings are ok? all folders 750, all files 640 I run my shop on a server OS = Linux, http server = Apache, PHP version 5.4.27 (Zend: 2.4.0) I never changed the settings myself, they came like that. Are these settings save? Best regards, Christiane
♥joli1811 Posted August 25, 2014 Posted August 25, 2014 Well normally would be 644 files and 755 folders but this may be server related yours are a little bit more secure than normal if the site is working fine I would leave as they are . As long as your site is readable by the customer 640 would normally indicate not readable by customer but as the site is working ok I would say it is server related So yes they are safe. Regards Joli To improve is to change; to be perfect is to change often.
MrPhil Posted August 25, 2014 Posted August 25, 2014 If those permissions work (customers can use your site, and you can too), and you're not getting any warnings from osC about your configure.php permissions, leave it alone. It sounds like both the server and PHP are accessing files and directories as "group", and they are read-only. It's possible that you may have to temporarily change permissions (770 and 660) to perform certain operations in your store (where osC needs to write to a directory or file), but we'll cross that bridge when we come to it.
Christiane N Posted August 26, 2014 Posted August 26, 2014 Hi Joli & Phil, Thank you for the kind replies. I am glad everything is fine. Naturally I'll follow your advice and leave it alone. Best regards, Christiane
Recommended Posts
Archived
This topic is now archived and is closed to further replies.