chown on web root document

mechamecha
Forum Commoner
Posts: 32
Joined: Thu May 31, 2007 8:49 pm

chown on web root document

Post by mechamecha »

Hello,
I recently ran into a problem w/ my PHP app not being able to upload photos to my server. I kept getting a 'failed to open stream: permission denied' error.
I know I had it working last week, but over the weekend I was messing w/ Linux to get Capistrano working and I must have mucked up my Linux settings somehow. Anyhow, the user:group setting on my web root document and all sub directories was changed to root:users. Prior to that, I can't remember what ownership I had it set at...maybe root:root?

I fixed it in one of two ways:
1. I changed the ownership on the web root document to apache:apache. Now I can upload files w/o problem. I believe this corrects the problem b/c the httpd process is running under the apache user.

OR

2. I modified the permissions on the destination upload folder. I updated it from 755 to 777. Now it doesn't matter what the ownership is...all uploads work.

So what's the best solution? Is setting the upload folder to 777 a security risk? Is there a way to keep the ownership on the web root document at root:users, keep the permissions of the upload folder at 755 and still get uploads working?

Thanks!
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Post by VladSun »

I think it's best to have your web directory tree owned by root:root, with 0644 for files and 755 for directories. The exception is the upload directories: set the owner of such directories to the Apache user (again 0644 files, 0755 directories).

This way nobody but the Apache user can write to the upload directories, and you can be sure that your site would not be defaced in case your web scripts have some kind of vulnerability.
There are 10 types of people in this world, those who understand binary and those who don't
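
A read-only check for the layout suggested in the reply above, as an added example that is not part of the original thread. The function name `audit_webroot`, its arguments and the paths in the usage comment are assumptions; it changes nothing on disk and only reports entries that deviate from that layout, including a 777 upload folder.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root against the layout
# "tree owned by one account, files 0644, directories 0755, upload directory
# owned by the web server user". All names below are hypothetical.
#
# Usage (paths are assumptions):
#   audit_webroot /var/www/html /var/www/html/uploads root apache
#
# Prints one finding per line. Returns 0 when clean, 1 when anything is flagged.
audit_webroot() {
    root=$1          # web root directory
    upload=$2        # upload directory inside the web root
    tree_owner=$3    # expected owner of everything except the upload directory
    upload_owner=$4  # expected owner of the upload directory (web server user)

    findings=$(
        # World-writable entries, such as an upload folder set to 777.
        find "$root" ! -type l -perm -0002 \
            -exec printf 'WORLD-WRITABLE %s\n' {} \;
        # Directories that are not exactly 0755, files that are not exactly 0644.
        find "$root" -type d ! -perm 0755 -exec printf 'DIR-MODE %s\n' {} \;
        find "$root" -type f ! -perm 0644 -exec printf 'FILE-MODE %s\n' {} \;
        # Outside the upload directory, everything belongs to tree_owner, so a
        # flaw in a web script cannot overwrite the site's own files.
        find "$root" -path "$upload" -prune -o ! -user "$tree_owner" \
            -exec printf 'OWNER %s\n' {} \;
        # The upload directory and its contents belong to the web server user.
        find "$upload" ! -user "$upload_owner" \
            -exec printf 'UPLOAD-OWNER %s\n' {} \;
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Owners may be given as names or numeric IDs, since `find -user` accepts both.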