Hello everyone,
I'm not sure if this is the correct forum for this, and apologies for the length of this question, but I'm desperate for some good advice...
I'm in way over my head with file permissions. The directory and files are sitting on a linux server. I know almost nothing about linux.
The background: I was given a web share by my IT admin. Initially, the web share had 3 users, myself (as the owner) ,root (the group) and everyone. I could copy and paste from my local folder to the web share when at work no problem. But I needed to be able to upload files from home over the web. Whatever the permissions were originally set to, wouldn't let me. So I changed permissions to five Full Control to "everyone", which let me upload. So now, "myself" and "everyone" have Full Control and "root" has partial control.
I then found a webadmin file which listed directory contents etc via the web and allowed me to upload, delete, view etc the files in my directories. I have noticed now that when I copy/paste files as originally, the file permission is set to 764 and the owner is set as "myself", which I assume is correct. But, when I upload the same file using the webadmin via the web, the file permission is set to 644 (according to the settings within the webadmin file) and the owner becomes "www-data".
Also, I notice that on the webadmin, any file that has permissions set as 600,755 or 644 allows me to change those permissions, but any file whose permissions are 764 will not allow me to change those permissions.
I am really confused and worried. My questions, in order of importance:
1) Have I massively compromised the security of my files by changing "everyone" permission to full control?
2) What should my directories and files have permissions set to in order to allow me to upload over the web but not compromise security?
3) For my directory, I assume the "myself" group should have full control. How much control should the other groups have?
4) Why are the permissions of the 764 not changeable but the 600,755 and 644 are?
5) When I upload a file via the web, why does the owner change to "www-data"?
If anyone could possibly spare the time to help me out, I would really be grateful. Thanks.
1  2208   Nepomuk 3,112
Recognized Expert Specialist
Hi! I don't know, if this is still an issue, but I thought I'd answer those of your questions that I can answer.
1) Have I massively compromised the security of my files by changing "everyone" permission to full control?
Probably, yes.
2) What should my directories and files have permissions set to in order to allow me to upload over the web but not compromise security?
Ideally I would say, no access to your directories at all, but reading access will possibly be vital. So use
to allow the "others" to only read those files.
3) For my directory, I assume the "myself" group should have full control. How much control should the other groups have?
Check my answer to 2).
4) Why are the permissions of the 764 not changeable but the 600,755 and 644 are?
I don't understand that - as far as I understand the modes, 764 should mean: 7 = the owner have reading, writing and execution access
6 = the owning group has reading and writing access
4 = the others have reading access As long as that file belongs to you (check with ls -l), it should work.
5) When I upload a file via the web, why does the owner change to "www-data"?
That's the user running the web service. As this user "creates" the files on the server, he's the owner.
There, I hope that helps a bit.
Greetings,
Nepomuk
Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: Catherine Jo Morgan |
last post by:
I'm making a db for a client whose clients often share a household. For
example, one household member may become a client, with one or more others
becoming clients later. So I have a table for...
|
by: Mike MacSween |
last post by:
I'm not talking Access Users & Groups, I may or may not implement that. Even
if I do file/folder rights still need to be managed.
I've searched the archives and read the many postings. The basic...
|
by: MSDN Account |
last post by:
We have web site that used the IIS ResKit tool MSWC.PermissionChecker to
check file permissions. The web site has been upgraded and that upgrade
included changing the default server side language...
|
by: Carl Gilbert |
last post by:
Hi
I am trying to get an online gallery (www.ngallery.org - open source) to
upload image to a folder. At the moment I am using localhost but plan to
move to some web space when I get it all...
|
by: Wayne Wengert |
last post by:
I am trying to execute a file upload of a file but I ghet the error shown
below. I do have MyMachine\ASPNET permission set but I am using IIS6 and
the error information indicates that the base...
| | |
by: Alex Maghen |
last post by:
Hi.
I am really confused about the NTFS permissions that I must set for my
ASP.NET 2.0 IIS application to work properly. I have looked at KB:815153 and
that helps a *little* bit, but I need...
|
by: Fred W. |
last post by:
When my application starts I need to check folder permissions to ensure they
have "Full Control" before I let them proceed on. How can I check this
permission. Thank you, Fred
|
by: Adam Baker |
last post by:
Hello,
I'm writing a site where a handful of people will be able to edit
the content using PHP scripts (FCKeditor). The content is stored as
individual files in a directory. I'd like to validate...
|
by: beary |
last post by:
Hello everyone,
I posted this in unix/linux but it received no replies, so I assume it was the wrong forum. I'm trying here.
I'm in way over my head with file permissions. The directory and...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| | |
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
| |
