How to change file permissions in Apache to improve security.

The Objective: To recursively update the files / folders within your public web folder to prevent unauthorized changes.

The Rub: Permissions can prevent modification but are NOT infallible. Anyone with valid FTP or SSH access may still update files associated with that account.

File Ownership: All files / folders have an OWNER and a GROUP association. In most Apache hosting environments, the GROUP and OWNER of each file / folder will be the username for the hosting account. The same account username is typically provided as the FTP or SSH username, which gives full control over all files / folders.

File Permissions: Files and folders have 3 permission flags (Read, Write, Execute) for each of the 3 access groups (Owner, Group, Public). In the example below, we will be setting all folders for READ / EXECUTE and all files for READ. In some environments, EXECUTE may not be required and should be avoided.

For many installations, there are specific files / folders that may need to have WRITE permissions. Also, depending on your specific *Nix / Apache configuration, you may need to adjust the specific permissions to achieve the desired effect.

The FIND & CHMOD Commands

First we need to connect via SSH to the web server. On Windows, you can use a great tool called PuTTY. Once connected, navigate to the folder that you wish to start your changes from. In many cases, this will be /home/username/public_html.

All PHP File Permissions:
    find . -type f -name "*.php" -exec chmod 0444 {} \;

All HTML File Permissions:
    find . -type f -name "*.html" -exec chmod 0444 {} \;

All Folder Permissions:
    find . -type d -exec chmod 0555 {} \;

** Handling Exceptions **

OK, now we've got some errors because some folders need WRITE permission so that the software can store images, logs, etc. Navigate to the folder in question, for example /home/username/public_html/images. Then override your previous changes with a similar command, giving each folder the 0755 permission (Read / Execute / Owner-Write).

    find . -type d -exec chmod 0755 {} \;
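
The steps above, run against a constructed sample tree and followed by an audit of which paths still carry a write bit. This is an added example, not part of the original article; the function names and sample files are assumptions made for illustration. It shows that the *.php / *.html name filters leave other files (here .htaccess) at their old mode.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# sample tree are constructed for illustration.

# Apply the article's three find/chmod commands under ROOT.
# "{} +" batches paths into fewer chmod calls; the modes are the article's.
harden_docroot() {
    find "$1" -type f -name "*.php"  -exec chmod 0444 {} +
    find "$1" -type f -name "*.html" -exec chmod 0444 {} +
    find "$1" -type d -exec chmod 0555 {} +
}

# The article's exception step: folders under DIR get owner-write back (0755).
allow_write() {
    find "$1" -type d -exec chmod 0755 {} +
}

# Audit: print every file or folder under ROOT that still has a write bit
# for owner, group or other, as sorted paths relative to ROOT.
list_writable() {
    ( cd "$1" && find . \( -type f -o -type d \) \
        \( -perm -0200 -o -perm -0020 -o -perm -0002 \) -print \
        | LC_ALL=C sort )
}

# Constructed sample tree standing in for /home/username/public_html.
# Explicit chmod calls make the starting modes independent of the umask.
make_sample_docroot() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/images" "$root/includes"
    : > "$root/index.php"
    : > "$root/about.html"
    : > "$root/includes/db.php"
    : > "$root/.htaccess"
    : > "$root/images/logo.png"
    find "$root" -type d -exec chmod 0755 {} +
    find "$root" -type f -exec chmod 0644 {} +
    printf '%s\n' "$root"
}

# Demo: run the script with the argument "demo" to see the audit output.
if [ "${1:-}" = "demo" ]; then
    root=$(make_sample_docroot)
    harden_docroot "$root"
    allow_write "$root/images"
    list_writable "$root"      # lists .htaccess, images, images/logo.png
    chmod -R u+w "$root" && rm -rf "$root"
fi
```

Anything the audit lists outside the folders you deliberately re-opened is a file the name filters missed and needs its own chmod.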

CHMOD Octals Worksheet

0777 = 0UGO = (Zero), User, Group, Other

(R)ead = 4

If we want to know what 0754 means, we can do this!

0 = Ignore first digit - always Zero

If we want to create the octal value, we can do this!

To solve for:
We would add:
Then shift a Zero 0 to the front to result: