By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,045 Members | 1,305 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,045 IT Pros & Developers. It's quick & easy.

Need Help with File Permissions

100+
P: 170
Hello everyone,

I posted this in unix/linux but it received no replies, so I assume it was the wrong forum. I'm trying here.

I'm in way over my head with file permissions. The directory and files are sitting on a linux server. I know almost nothing about linux.

The background: I was given a web share by my IT admin. Initially, the web share had 3 users, myself (as the owner) ,root (the group) and everyone. I could copy and paste from my local folder to the web share when at work no problem. But I needed to be able to upload files from home over the web. Whatever the permissions were originally set to, wouldn't let me. So I changed permissions to five Full Control to "everyone", which let me upload. So now, "myself" and "everyone" have Full Control and "root" has partial control.

I then found a webadmin file which listed directory contents etc via the web and allowed me to upload, delete, view etc the files in my directories. I have noticed now that when I copy/paste files as originally, the file permission is set to 764 and the owner is set as "myself", which I assume is correct. But, when I upload the same file using the webadmin via the web, the file permission is set to 644 (according to the settings within the webadmin file) and the owner becomes "www-data".

Also, I notice that on the webadmin, any file that has permissions set as 600,755 or 644 allows me to change those permissions, but any file whose permissions are 764 will not allow me to change those permissions.

I am really confused and worried. My questions, in order of importance:

1) Have I massively compromised the security of my files by changing "everyone" permission to full control?

2) What should my directories and files have permissions set to in order to allow me to upload over the web but not compromise security?

3) For my directory, I assume the "myself" group should have full control. How much control should the other groups have?

4) Why are the permissions of the 764 not changeable but the 600,755 and 644 are?

5) When I upload a file via the web, why does the owner change to "www-data"?

If anyone could possibly spare the time to help me out, I would really be grateful. Thanks.
Jun 18 '08 #1
Share this Question
Share on Google+
2 Replies


RedSon
Expert 5K+
P: 5,000
1) Have I massively compromised the security of my files by changing "everyone" permission to full control?

2) What should my directories and files have permissions set to in order to allow me to upload over the web but not compromise security?

3) For my directory, I assume the "myself" group should have full control. How much control should the other groups have?

4) Why are the permissions of the 764 not changeable but the 600,755 and 644 are?

5) When I upload a file via the web, why does the owner change to "www-data"?

If anyone could possibly spare the time to help me out, I would really be grateful. Thanks.
1. When you set your permissions to "everyone" (or 777) you permit anyone with an account on the system to have access to those files. So yes I would say that is a pretty big compromise of the security unless you don't care if everyone sees your stuff.

2. This depends entirely on the way your system is set up. If you have some kind of web access to files where you can upload and download them then the best course would be to let the web server handle all the permissions and not worry about it. If you need multiple access to files like through the webserver and via FTP and through the shell then you will need to ask your server administrator to make you a member of all of those groups so that you can have access to those files.

3. I'm not sure what the "myself" group is, unless it is an alias for your user name. The other groups should have only as much access as they need. One of the key points of security is to only give a person (or entity) the minimum amount of permissions they need to get their job done. If other groups won't ever have a need to access your files then there is no point in giving them access.

4. I'm not sure what is going on because each of those permissions could correspond to a different owner or group. It sounds like what ever files you can change the permissions on that have 600,755 and 644 you are the owner or the group owner. For a good file permission calculator and to help you figure out what is going on you can check this link http://www.robolink.co.uk/calculators10.htm?seq=496

5. When you are using the web server to upload files your are passing those files to the web server to be written to disk. Since the web server is the "creator" of the files that are written the owner name becomes www-data (the name of the apache web server)
Jun 19 '08 #2

100+
P: 170
...Answers...
RedSon, Thanks so much for taking the time to answer those questions. I really appreciate it.

Cheers.
Jun 19 '08 #3

Post your reply

Sign in to post your reply or Sign up for a free account.