Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Duplicate Website Question Question
Why are snapshots so slow Question Question

Question

Safer way to access image folder than 777 Permission

Posted March 30, 2015 19.6k views
SecurityDrupalLAMP StackDigitalOcean

Hi
For my photos to be uploaded to my drupal website and to show on the web pages

I have to change all my file and image folders to 777 permission
which seems a bit of a security risk

Any suggestions?

Add a comment
margalimited
By:
margalimited

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Duplicate Website Question Question
Why are snapshots so slow Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
5 answers
freelancer March 30, 2015

I somewhat agree with @JonsJava , But since most of the Drupal content managers would need to upload/delete the static assets and they use FTP for it. So we should have to allow access to both web server user and the FTP user to have full access to the upload directory. Hope i clarified my answer.

Reply Report
margalimited March 31, 2015

JonsJava what is facl?

Reply Report
  • JonsJava April 1, 2015

    Sorry. I just noticed your question. facl is “File access control list”.

    I have a simple write-up here that will walk you through what you need to do.

    Reply Report
margalimited March 31, 2015

Can I do it the same way as wordpress?

sudo chown -R www-data:www-data ~/wordpress/

i.e

sudo chown -R www-data:www-data ~/sites/defaults/files/images

Reply Report
freelancer March 30, 2015

I think this should be fine as they are static content.

Just make sure that you don’t give permission to modify your PHP files, They should all have read-only access by the web server.

Also you can add some security rules in the htaccess files to disallow malicious code in those folders which have 777. Allow files only with specific extensions.

Reply Report
JonsJava March 30, 2015

I wholeheartedly disagree with @freelancer . There is never a time where you need 777.

For ubuntu/Debian, run this (changing the value for web_folder if it’s not right):

web_folder='/var/www/html/'
chown www-data:www-data $web_folder -R; find $web_folder -type f -print0 |xargs -0 chmod 644; find $web_folder -type d -print0 |xargs -0 chmod 755;

For Fedora/CentOS (Again, change the value for web_folder if it’s not right):

web_folder='/var/www/html/'
chown apache:apache $web_folder -R; find $web_folder -type f -print0 |xargs -0 chmod 644; find $web_folder -type d -print0 |xargs -0 chmod 755;

The simple rule is you only give permissions that you need. Never more. Any good admin will say the same thing.

EDIT: here’s what the script does:

  • changes the files to the proper owner
    • (apache for RPM-based, and www-data for deb based systems)
  • sets all files to 644
  • sets all folders to 755.
Reply Report

Related

Looking for something else?

Ask a new question Search for more help