chmod - protect users' file being accessed so only owner can access?
chmod 600 filename
will do it;
orchmod 700
if it is an executable.
Another way that is less cryptic is:
chmod go-rwx filename
- The "g" is for group
- The "o" is for others
- The "-" is for removing permissions
- The "r" is for read-permission
- The "w" is for write-permission
- The "x" is for execute permission.
For the sake of completeness:
- "u" is for user / owner
- "+" is for adding permissions
Folders protection
I believe you need something like
chmod -R u+rw,go-rwX ~
Or
chmod -R 600 ~
which will give you read and write permissions but deny them to other users. Beware, however, that the root user can still access everything.
Visit this post on superuser. You will find all you need to know. Visit here and here to learn more about chmod
and file security. But was there really a need to ask this question here? Possible duplicate?
How to secure DataBase settings from other users that have shell access to the server
The group of the file /home/mediawikiDBpsw/DBpsw.php with DataBase settings should be changed to the webserver's user group (use chgrp).
Than rights of the file should be changed to (use chmod)
w-rw-r----- /home/mediawikiDBpsw/DBpsw.php
Now, mediawiki will run, because webserver's user will have access to the DataBase settings. Still DataBase settings will be safe as others will not have reading access to /home/mediawikiDBpsw/DBpsw.php (unless they are in the same group as webserver's user, which shouldn't be the case).
How to set up file permissions for Laravel?
Just to state the obvious for anyone viewing this discussion.... if you give any of your folders 777 permissions, you are allowing ANYONE to read, write and execute any file in that directory.... what this means is you have given ANYONE (any hacker or malicious person in the entire world) permission to upload ANY file, virus or any other file, and THEN execute that file...
IF YOU ARE SETTING YOUR FOLDER PERMISSIONS TO 777 YOU HAVE OPENED YOUR
SERVER TO ANYONE THAT CAN FIND THAT DIRECTORY. Clear enough??? :)
There are basically two ways to setup your ownership and permissions. Either you give yourself ownership or you make the webserver the owner of all files.
Webserver as owner (the way most people do it, and the Laravel doc's way):
assuming www-data (it could be something else) is your webserver user.
sudo chown -R www-data:www-data /path/to/your/laravel/root/directory
if you do that, the webserver owns all the files, and is also the group, and you will have some problems uploading files or working with files via FTP, because your FTP client will be logged in as you, not your webserver, so add your user to the webserver user group:
sudo usermod -a -G www-data ubuntu
Of course, this assumes your webserver is running as www-data (the Homestead default), and your user is ubuntu (it's vagrant if you are using Homestead).
Then you set all your directories to 755 and your files to 644...
SET file permissions
sudo find /path/to/your/laravel/root/directory -type f -exec chmod 644 {} \;
SET directory permissions
sudo find /path/to/your/laravel/root/directory -type d -exec chmod 755 {} \;
Your user as owner
I prefer to own all the directories and files (it makes working with everything much easier), so, go to your laravel root directory:
cd /var/www/html/laravel >> assuming this is your current root directory
sudo chown -R $USER:www-data .
Then I give both myself and the webserver permissions:
sudo find . -type f -exec chmod 664 {} \;
sudo find . -type d -exec chmod 775 {} \;
Then give the webserver the rights to read and write to storage and cache
Whichever way you set it up, then you need to give read and write permissions to the webserver for storage, cache and any other directories the webserver needs to upload or write too (depending on your situation), so run the commands from bashy above :
sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache
Now, you're secure and your website works, AND you can work with the files fairly easily
How to grant permission to users for a directory using command line in Windows?
As of Vista, cacls
is deprecated. Here's the first couple of help lines:
C:\>cacls
NOTE: Cacls is now deprecated, please use Icacls.
Displays or modifies access control lists (ACLs) of files
You should use icacls
instead. This is how you grant John full control over D:\test
folder and all its subfolders:
C:\>icacls "D:\test" /grant John:(OI)(CI)F /T
According do MS documentation:
F
= Full ControlCI
= Container Inherit - This flag indicates that subordinate containers will inherit this ACE.OI
= Object Inherit - This flag indicates that subordinate files will inherit the ACE./T
= Apply recursively to existing files and sub-folders. (OI
andCI
only apply to new files and sub-folders). Credit: comment by @AlexSpence.
For complete documentation, you may run "icacls
" with no arguments or see the Microsoft documentation here and here
How to use chown command in PHP?
The chown (change owner) won't work for non-root user. What you really need to do is to grant the user (I assume it's a nginx
) full permissions to files.
It can be achieved in few ways. The most secure way is to run PHP (I'm guessing PHP is running as a PHP-FPM) as a nginx
user by editing params user
and group
in your php-fpm.conf
file and restarting the PHP service.
In such case, the owner of files will be the same, so no file permission manipulation is needed. You'll need to change ownership of all files generated/uploaded by PHP to nginx once (using root user and chown command).
The second solution is to add the user who's running PHP-FPM to the same group as the nginx user and modify umask
so the files are accessible to a group. Let's say that the group would be www-data
(you have to add nginx
user and the PHP-FPM process owner to that group, for example with usermod
command, and edit your php-fpm.conf
: set group
to www-data
). Then in your PHP scripts use umask
function to allow all members of group to have full access to files: umask(0007);
.
The third, least secure way is to give full access to your files for all users in the system. Use umask
function in your PHP file to achieve this: umask(0000);
Insufficient permissions in vscode
You should add your User or the User who is currently logged in to the folder and grant Read and Write access.
Protect file in web root but give access from php
PHP runs as the same user as the webserver so if PHP can read it, so can your webserver (and vice versa).
If you don't want to use .htaccess
there is another trick: save the file as a .php
file. Even if someone accesses the file from the web they can't see the source, they might just get a white page or maybe an error depending on what exactly is in the file.
Related Topics
Use Find Command But Exclude Files in Two Directories
Linux Kernel Device Driver to Dma from a Device into User-Space Memory
Changing Location of Core Dump
Unix: Differencebetween Source and Export
Shell Script to Kill the Process Listening on Port 3000
How to Check If There Are Symbolic Links Pointing to a Directory
How Use Qt in Visual Studio Code
What's the Meaning of a ! Before a Command in the Shell
Is \D Not Supported by Grep's Basic Expressions
Understanding Load Average VS. CPU Usage
How to Append the Output to a File
How to Set Limit on Directory Size in Linux
Userspace VS Kernel Space Driver
List Only Duplicate Lines Based on One Column from a Semi-Colon Delimited File