Question
Safer way to access image folder than 777 Permission
- Posted March 30, 2015
- DigitalOceanLAMP StackSecurityDrupal
Hi For my photos to be uploaded to my drupal website and to show on the web pages
I have to change all my file and image folders to 777 permission which seems a bit of a security risk
Any suggestions?
Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Sign in to AnswerThese answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Can I do it the same way as wordpress?
sudo chown -R www-data:www-data ~/wordpress/
i.e
sudo chown -R www-data:www-data ~/sites/defaults/files/images
JonsJava what is facl?
I somewhat agree with @JonsJava , But since most of the Drupal content managers would need to upload/delete the static assets and they use FTP for it. So we should have to allow access to both web server user and the FTP user to have full access to the upload directory. Hope i clarified my answer.
I wholeheartedly disagree with @freelancer . There is never a time where you need 777.
For ubuntu/Debian, run this (changing the value for web_folder if it’s not right):
For Fedora/CentOS (Again, change the value for web_folder if it’s not right):
The simple rule is you only give permissions that you need. Never more. Any good admin will say the same thing.
EDIT: here’s what the script does:
I think this should be fine as they are static content.
Just make sure that you don’t give permission to modify your PHP files, They should all have read-only access by the web server.
Also you can add some security rules in the htaccess files to disallow malicious code in those folders which have 777. Allow files only with specific extensions.