
chown on web root document

Posted: Mon Dec 24, 2007 8:24 pm
by mechamecha
Hello,
I recently ran into a problem w/ my PHP app not being able to upload photos to my server. I kept getting a 'failed to open stream: permission denied' error.
I know I had it working last week, but over the weekend I was messing w/ Linux to get Capistrano working and I must have mucked up my Linux settings somehow. Anyhow, the user:group setting on my web root document and all sub directories was changed to root:users. Prior to that, I can't remember what ownership I had it set at...maybe root:root?

I fixed it in one of two ways:
1. I changed the ownership on the web root document to apache:apache. Now I can upload files w/o problem. I believe this corrects the problem b/c the httpd process is running under the apache user.

OR

2. I modified the permissions on the destination upload folder. I updated it from 755 to 777. Now it doesn't matter what the ownership is...all uploads work.

So what's the best solution? Is setting the upload folder to 777 a security risk? Is there a way to keep the ownership on the web root document at root:users, keep the permissions of the upload folder at 755 and still get uploads working?

Thanks!

Posted: Tue Dec 25, 2007 3:04 am
by VladSun
I think it's best to have your web directory tree owned by root:root, 0644 for files and 755 for directories. All but the upload directories: set the owner of such directories to the Apache user (again 0644 files, 0755 directories).

This way nobody but the Apache user can write to the upload directories, and you can be sure that your site would not be defaced in case your web scripts have some kind of vulnerability.
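
An audit of the layout described in the reply above, as an added example that is not part of either post: it flags the 777 case from the question, code not owned by the code owner, and upload entries not owned by the web server account. The function name, finding labels and the example path are assumptions of this sketch; `root` and `apache` are the accounts named in the thread.

```shell
#!/usr/bin/env bash
# Added example: audits a web root against the ownership/permission layout
# recommended in the thread. Finding labels and argument order are this
# example's own; the "root" and "apache" defaults are the accounts named above.

# audit_webroot WEBROOT UPLOAD_DIR [CODE_OWNER] [WEB_USER]
# UPLOAD_DIR must be a path under WEBROOT, spelled the same way as WEBROOT.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_webroot() {
    local root="$1" upload="$2" code_owner="${3:-root}" web_user="${4:-apache}"
    local findings
    findings=$(
        # Group- or world-writable entries, e.g. an upload folder left at 777.
        # Symlinks are skipped: on Linux their own mode is always 777 and ignored.
        find "$root" ! -type l \( -perm -002 -o -perm -020 \) -print |
            sed 's/^/WRITABLE_BY_OTHERS /'
        # Code outside the upload directory that the code owner does not own;
        # if the web user owns it, a vulnerable script can rewrite the site.
        find "$root" -path "$upload" -prune -o ! -user "$code_owner" -print |
            sed 's/^/CODE_WRONG_OWNER /'
        # Upload directory entries not owned by the web server account.
        find "$upload" ! -user "$web_user" -print |
            sed 's/^/UPLOAD_WRONG_OWNER /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Example call (the path is an assumed placeholder):
#   audit_webroot /var/www/html /var/www/html/uploads root apache
```

A clean run prints nothing and returns 0, so the function can gate a deploy step or run from cron.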