Hello everyone,
I posted this in unix/linux but it received no replies, so I assume it was the wrong forum. I'm trying here.
I'm in way over my head with file permissions. The directory and files are sitting on a linux server. I know almost nothing about linux.
The background: I was given a web share by my IT admin. Initially, the web share had 3 users, myself (as the owner) ,root (the group) and everyone. I could copy and paste from my local folder to the web share when at work no problem. But I needed to be able to upload files from home over the web. Whatever the permissions were originally set to, wouldn't let me. So I changed permissions to five Full Control to "everyone", which let me upload. So now, "myself" and "everyone" have Full Control and "root" has partial control.
I then found a webadmin file which listed directory contents etc via the web and allowed me to upload, delete, view etc the files in my directories. I have noticed now that when I copy/paste files as originally, the file permission is set to 764 and the owner is set as "myself", which I assume is correct. But, when I upload the same file using the webadmin via the web, the file permission is set to 644 (according to the settings within the webadmin file) and the owner becomes "www-data".
Also, I notice that on the webadmin, any file that has permissions set as 600,755 or 644 allows me to change those permissions, but any file whose permissions are 764 will not allow me to change those permissions.
I am really confused and worried. My questions, in order of importance:
1) Have I massively compromised the security of my files by changing "everyone" permission to full control?
2) What should my directories and files have permissions set to in order to allow me to upload over the web but not compromise security?
3) For my directory, I assume the "myself" group should have full control. How much control should the other groups have?
4) Why are the permissions of the 764 not changeable but the 600,755 and 644 are?
5) When I upload a file via the web, why does the owner change to "www-data"?
If anyone could possibly spare the time to help me out, I would really be grateful. Thanks.
2  2016  
1) Have I massively compromised the security of my files by changing "everyone" permission to full control?
2) What should my directories and files have permissions set to in order to allow me to upload over the web but not compromise security?
3) For my directory, I assume the "myself" group should have full control. How much control should the other groups have?
4) Why are the permissions of the 764 not changeable but the 600,755 and 644 are?
5) When I upload a file via the web, why does the owner change to "www-data"?
If anyone could possibly spare the time to help me out, I would really be grateful. Thanks.
1. When you set your permissions to "everyone" (or 777) you permit anyone with an account on the system to have access to those files. So yes I would say that is a pretty big compromise of the security unless you don't care if everyone sees your stuff.
2. This depends entirely on the way your system is set up. If you have some kind of web access to files where you can upload and download them then the best course would be to let the web server handle all the permissions and not worry about it. If you need multiple access to files like through the webserver and via FTP and through the shell then you will need to ask your server administrator to make you a member of all of those groups so that you can have access to those files.
3. I'm not sure what the "myself" group is, unless it is an alias for your user name. The other groups should have only as much access as they need. One of the key points of security is to only give a person (or entity) the minimum amount of permissions they need to get their job done. If other groups won't ever have a need to access your files then there is no point in giving them access.
4. I'm not sure what is going on because each of those permissions could correspond to a different owner or group. It sounds like what ever files you can change the permissions on that have 600,755 and 644 you are the owner or the group owner. For a good file permission calculator and to help you figure out what is going on you can check this link http://www.robolink.co.uk/calculators10.htm?seq=496
5. When you are using the web server to upload files your are passing those files to the web server to be written to disk. Since the web server is the "creator" of the files that are written the owner name becomes www-data (the name of the apache web server)
...Answers...
RedSon, Thanks so much for taking the time to answer those questions. I really appreciate it.
Cheers.
Sign in to post your reply or Sign up for a free account.
Similar topics
by: deko |
last post by:
Do I need to use flock() when reading a file into an array? It's possible that
the file in question could be open at the time the file('filename') request is
made. I realize flock() is required...
|
by: kamarudin samsudin |
last post by:
Hi all,
I try to invoke python serial script via my browser using PHP (exec
function). For the serial communication, i used pySerial module. It
fine when it run it as root but when i try to run...
|
by: da Vinci |
last post by:
Greetings,
Onwards with the school studying.
Working on a program and need to delete a file from a known location
on the hard drive but cannot get anything I do to work.
I have tried to use...
|
by: Jozef |
last post by:
Hello,
I'm trying to check for and add a field to a table to a back end database
through code. The problem I've been faced with is changing permissions,
because I have to use administer...
|
by: MSDN Account |
last post by:
We have web site that used the IIS ResKit tool MSWC.PermissionChecker to
check file permissions. The web site has been upgraded and that upgrade
included changing the default server side language...
|
by: Henrik_the_boss |
last post by:
Hello all.
I have a couple of aspx pages. When something fails in them, I would like
them to be able to log to either a database, a logfile, or the application
log. All code is in C#
I run...
|
by: Budhi Saputra Prasetya |
last post by:
Hi,
I still have the same problem with embedding Windows Control. I'll just
requote what I posted last time:
I managed to create a Windows Form Control and put it on my ASP .NET page. I...
|
by: Ron |
last post by:
New discovery.
If I take a perfectly good database, and "compact/repair" on it with Access
2000 (seems to be at multiple sites--I've tried it with my system here, at
another office on an...
|
by: Milagro |
last post by:
Hello Everyone,
I'm trying to debug someone elses php code. I'm actually a Perl
programmer, with OO experience, but not in php.
The code is supposed to upload a photo from a form and save it...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
| |
