Prestashop 1,7 security


This is the first time I have needed to administer a webstore server, and I have a question. The CMS that I use is Prestashop 1,7, the OS is Debian 9, and the webserver is Apache. The owner of the site folder and all subfolders is a system user, and the group is www-data. I run it on my VPS with full root access. Everything works perfectly, but I have one security thought. For some folders (especially cache folders) Prestashop wants full rights: read, write and execute. It looks a bit risky to me: in case of any exploit, an attacker can upload and execute scripts on my server. When I try to give the folders only read and write rights, the CMS doesn't work: it causes an HTTP 500 error or generates blank pages. Is it normal that Prestashop needs all rights to some folders, or is it a mistake in my configuration?

I can add that I use AppArmor, but I would still prefer not to give the webserver full rights to the folders.



I have set up Prestashop on Digital Ocean. I would like to know whether there is any script for Prestashop installation, so that the instance can be installed and updated automatically.

Hello, thank you for the reply. Your tip is very similar to my present situation. I have a system (non-root) user who recursively owns /var/www/mysite, and www-data is set as the group for this directory. CHMOD for the whole /var/www/mysite directory recursively is 750, except those cache folders, where I must set CHMOD 770. That gives the webserver user full rights to some directories. Isn't it a security issue?


Only your webserver user needs write permissions to the cache folder and other related folders, so you need to recursively set the owner to www-data using this command:

sudo chown -R www-data cache

Then grant full owner permissions using this one:

sudo chmod -R 755 cache

I hope it helps.
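
As an added example (not part of the thread): on a directory the execute bit is the search permission needed to enter it and open files inside, so a recursive `chmod` that also puts it on regular files grants more than the directories need. The sketch below sets directories and files separately and then audits the result; the function names and the temporary sample tree are constructed for illustration, and it assumes the files in the cache tree are only read and written, never run as programs.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the sample tree
# are constructed; point the functions at your own cache path.

# Directories: rwx for owner and group (x on a directory = may enter it and
# look up entries). Regular files: rw only, no execute bit.
set_cache_modes() {
    find "$1" -type d -exec chmod 770 {} +
    find "$1" -type f -exec chmod 660 {} +
}

# List regular files that still carry any execute bit.
executable_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) | sort
}

# List directories where owner or group lacks the search (x) bit; such a
# directory cannot be entered by that user or group, so reads inside fail.
untraversable_dirs() {
    find "$1" -type d ! -perm -110 | sort
}

# Build a constructed tree that mimics the result of "chmod -R 770 cache".
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/cache/smarty/compile"
    : > "$root/cache/smarty/compile/index.php"
    : > "$root/cache/class_index.php"
    chmod -R 770 "$root/cache"
    printf '%s\n' "$root"
}

# Demo on the constructed tree: audit before and after.
demo=$(make_sample_tree)
echo "files with execute bits before:"
executable_files "$demo/cache"
set_cache_modes "$demo/cache"
echo "files with execute bits after:"
executable_files "$demo/cache"
echo "directories missing the search bit after:"
untraversable_dirs "$demo/cache"
rm -rf "$demo"
```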