To install elgg, I have to make both my elgg/ and data/ directories have full permissions (chmod 777). I assume data/ has to stay this way during normal usage, but does elgg/ ? I'd really rather not have the root directory of my elgg installation be completely world-writable, but when I tried: chmod -x and chmod a-x on it, my installation no longer worked.
What are the best file permissions to have for maximum security, but still actually having it work (of course)? Thank you!
- DhrupDeScoop@Dhrup2000
- pythonscript@pythonscript
- DhrupDeScoop@Dhrup2000
- pythonscript@pythonscript
- DhrupDeScoop@Dhrup2000
- Cash@costelloc
- Stephen Sherman@stephenesherman
- Cash@costelloc
777 and 644
When I make the permissions on the elgg/ directory 644, I can't even cd into the directory. Is there something I'm missing, or am I using your advice on the wrong directory, or what?
Can't cd to the dir via ssh?
That's because you're not the owner of that dir.
If you are root, you can,
but the owner has to be apache or web-root or similar
in order for the website to work.
Not a big issue if you are comfy with the Linux command line.
I have total access to this server (it's a personal web server). www-data, the user for apache2, owns the entire directory. Unfortunately, when I make the permissions for elgg/ 644 (with the owner being www-data) it's no longer accessible from the web (well, the LAN, this server isn't live yet).
If you put 644 and cannot cd to the dir anymore ;-)
you are not the owner anymore.
Does not sound like total access.
Not accessible from the web -->
see my previous comment.
Do an ls -l as root
on the dir just above the one that holds
your Elgg code and the data.
The recommended setup is:
1. Your user account should own the code directory with permissions of 755 for directories and 644 for files.
2. The Apache account can own the data directory with permissions of 755, or you can own the data directory with permissions of 777. Apache should create directories in the data directory that it owns and that you won't be able to read with a normal user account (new users are placed in the 2010 directory, for example - at least for this year).
In Ubuntu, owner must be 'www-data'
The elgg code directories should not be owned by www-data. The data directory can be owned by www-data.
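
The recommended setup from this thread (code tree owned by your own account at 755 for directories and 644 for files, and not owned by www-data) can be checked and restored with a short script. This is an added example, not part of any post above or of Elgg itself; it assumes GNU find and stat, and `WEB_USER`, the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Elgg project code. Assumes GNU find/stat (Ubuntu).
# WEB_USER is an assumption: www-data is the Apache account named in the thread.
WEB_USER="${WEB_USER:-www-data}"

# Print one finding per line for the Elgg code directory given as $1.
audit_code_tree() {
    # Directories missing r-x for anyone: mode 644 on a directory drops the
    # search (x) bit, so neither cd nor the web server can enter it.
    find "$1" -type d ! -perm -0555 -exec printf 'dir-not-enterable %s\n' {} \; 2>/dev/null || true
    # World-writable entries left behind by the chmod 777 install step.
    find "$1" \( -type d -o -type f \) -perm -0002 -exec printf 'world-writable %s\n' {} \; 2>/dev/null || true
    # Entries owned by the web server account, which it could then rewrite.
    find "$1" -exec stat -c '%U %n' {} \; 2>/dev/null |
        awk -v u="$WEB_USER" '$1 == u { sub(/^[^ ]+ /, ""); print "web-owned " $0 }'
}

# Reset the code tree to the recommended 755 (directories) / 644 (files).
fix_code_tree() {
    # Use \; rather than + so each directory is fixed before find descends.
    find "$1" -type d -exec chmod 755 {} \;
    find "$1" -type f -exec chmod 644 {} \;
}

# Build a constructed sample tree showing both mistakes from the thread.
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    mkdir -p "$tree/elgg/mod" "$tree/elgg/views"
    : > "$tree/elgg/index.php"
    chmod 755 "$tree/elgg/mod"
    chmod 777 "$tree/elgg" "$tree/elgg/index.php"   # install-time setting
    chmod 644 "$tree/elgg/views"                    # directory given a file mode
    printf '%s\n' "$tree/elgg"
}

# Usage: audit_code_tree /path/to/elgg   (path is a placeholder)
```

An empty result from `audit_code_tree` means the code tree matches the 755/644 layout and nothing in it belongs to the web server account; the data directory is deliberately left out because it is meant to be writable by Apache.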