Chmod - Protect Users' File Being Accessed So Only Owner Can Access

  • Home
  • Languages
  • Linux
  • Chmod - Protect Users' File Being Accessed So Only Owner Can Access

chmod - protect users' file being accessed so only owner can access?

chmod 600 filename will do it;
or
chmod 700 if it is an executable.

Another way that is less cryptic is:

chmod go-rwx filename

  • The "g" is for group
  • The "o" is for others
  • The "-" is for removing permissions
  • The "r" is for read-permission
  • The "w" is for write-permission
  • The "x" is for execute permission.

For the sake of completeness:

  • "u" is for user / owner
  • "+" is for adding permissions

Folders protection

I believe you need something like 

chmod -R u+rw,go-rwX ~

Or

chmod -R 600 ~

which will give you read and write permissions but deny them to other users. Beware, however, that the root user can still access everything.

Visit this post on superuser. You will find all you need to know. Visit here and here to learn more about chmod and file security. But was there really a need to ask this question here? Possible duplicate?

How to secure DataBase settings from other users that have shell access to the server

The group of the file /home/mediawikiDBpsw/DBpsw.php with DataBase settings should be changed to the webserver's user group (use chgrp).

Than rights of the file should be changed to (use chmod)

w-rw-r----- /home/mediawikiDBpsw/DBpsw.php

Now, mediawiki will run, because webserver's user will have access to the DataBase settings. Still DataBase settings will be safe as others will not have reading access to /home/mediawikiDBpsw/DBpsw.php (unless they are in the same group as webserver's user, which shouldn't be the case).

How to set up file permissions for Laravel?

Just to state the obvious for anyone viewing this discussion.... if you give any of your folders 777 permissions, you are allowing ANYONE to read, write and execute any file in that directory.... what this means is you have given ANYONE (any hacker or malicious person in the entire world) permission to upload ANY file, virus or any other file, and THEN execute that file...

IF YOU ARE SETTING YOUR FOLDER PERMISSIONS TO 777 YOU HAVE OPENED YOUR
SERVER TO ANYONE THAT CAN FIND THAT DIRECTORY. Clear enough??? :)

There are basically two ways to setup your ownership and permissions. Either you give yourself ownership or you make the webserver the owner of all files.

Webserver as owner (the way most people do it, and the Laravel doc's way):

assuming www-data (it could be something else) is your webserver user.

sudo chown -R www-data:www-data /path/to/your/laravel/root/directory

if you do that, the webserver owns all the files, and is also the group, and you will have some problems uploading files or working with files via FTP, because your FTP client will be logged in as you, not your webserver, so add your user to the webserver user group:

sudo usermod -a -G www-data ubuntu

Of course, this assumes your webserver is running as www-data (the Homestead default), and your user is ubuntu (it's vagrant if you are using Homestead).

Then you set all your directories to 755 and your files to 644...
SET file permissions

sudo find /path/to/your/laravel/root/directory -type f -exec chmod 644 {} \;

SET directory permissions

sudo find /path/to/your/laravel/root/directory -type d -exec chmod 755 {} \;

Your user as owner

I prefer to own all the directories and files (it makes working with everything much easier), so, go to your laravel root directory:

cd /var/www/html/laravel >> assuming this is your current root directory
sudo chown -R $USER:www-data .

Then I give both myself and the webserver permissions:

sudo find . -type f -exec chmod 664 {} \;   
sudo find . -type d -exec chmod 775 {} \;

Then give the webserver the rights to read and write to storage and cache

Whichever way you set it up, then you need to give read and write permissions to the webserver for storage, cache and any other directories the webserver needs to upload or write too (depending on your situation), so run the commands from bashy above :

sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache

Now, you're secure and your website works, AND you can work with the files fairly easily

How to grant permission to users for a directory using command line in Windows?

As of Vista, cacls is deprecated. Here's the first couple of help lines:

C:\>cacls
NOTE: Cacls is now deprecated, please use Icacls.

Displays or modifies access control lists (ACLs) of files

You should use icacls instead. This is how you grant John full control over D:\test folder and all its subfolders:

C:\>icacls "D:\test" /grant John:(OI)(CI)F /T

According do MS documentation:

  • F = Full Control
  • CI = Container Inherit - This flag indicates that subordinate containers will inherit this ACE.
  • OI = Object Inherit - This flag indicates that subordinate files will inherit the ACE.
  • /T = Apply recursively to existing files and sub-folders. (OI and CI only apply to new files and sub-folders). Credit: comment by @AlexSpence.

For complete documentation, you may run "icacls" with no arguments or see the Microsoft documentation here and here

How to use chown command in PHP?

The chown (change owner) won't work for non-root user. What you really need to do is to grant the user (I assume it's a nginx) full permissions to files.

It can be achieved in few ways. The most secure way is to run PHP (I'm guessing PHP is running as a PHP-FPM) as a nginx user by editing params user and group in your php-fpm.conf file and restarting the PHP service.
In such case, the owner of files will be the same, so no file permission manipulation is needed. You'll need to change ownership of all files generated/uploaded by PHP to nginx once (using root user and chown command).

The second solution is to add the user who's running PHP-FPM to the same group as the nginx user and modify umask so the files are accessible to a group. Let's say that the group would be www-data (you have to add nginx user and the PHP-FPM process owner to that group, for example with usermod command, and edit your php-fpm.conf: set group to www-data). Then in your PHP scripts use umask function to allow all members of group to have full access to files: umask(0007);.

The third, least secure way is to give full access to your files for all users in the system. Use umask function in your PHP file to achieve this: umask(0000);

Insufficient permissions in vscode

You should add your User or the User who is currently logged in to the folder and grant Read and Write access.

Sample Image

Protect file in web root but give access from php

PHP runs as the same user as the webserver so if PHP can read it, so can your webserver (and vice versa).

If you don't want to use .htaccess there is another trick: save the file as a .php file. Even if someone accesses the file from the web they can't see the source, they might just get a white page or maybe an error depending on what exactly is in the file.


Related Topics

Use Find Command But Exclude Files in Two Directories

Linux Kernel Device Driver to Dma from a Device into User-Space Memory

Changing Location of Core Dump

Unix: Differencebetween Source and Export

Shell Script to Kill the Process Listening on Port 3000

Linux Application Profiling

How to Check If There Are Symbolic Links Pointing to a Directory

How Use Qt in Visual Studio Code

What's the Meaning of a ! Before a Command in the Shell

Is \D Not Supported by Grep's Basic Expressions

Understanding Load Average VS. CPU Usage

How to Append the Output to a File

How to Set Limit on Directory Size in Linux

Userspace VS Kernel Space Driver

Origin of a Kworker-Thread

List Only Duplicate Lines Based on One Column from a Semi-Colon Delimited File

Gvim Redraw Issues with Virtual Box and Windows 7 Host

Setting Up a Cronjob on Google Compute Engine


Leave a reply



Submit