Help after install - permissions 777 danger

Camron Bickford
  últim editat: Thu, 18 Jan 2018 15:21:52 -0500  
@Hubzilla Support Forum+ During the Hubzilla install the instructions are to "chmod -R 777 store". I do have sufficient
privilege to change this to something better, but I guess I don't have sufficient knowledge to make these directories writeable
only by the webserver. I'm on a Ubuntu16 vps.

Current Properties for the "store" folder are:
owner: root
access: read & write
group: www-data
access: read & write
others: read & write


I really don't want to mess things up playing with things I don't understand.

Should I
sudo chown -R www-data /var/www/
and then
chmod -R 755 /var/www/

(my wordpress also isn't able to install plugins, so I'm thinking the whole server needs permission changes instead of just the Hubzilla directory)
Mike Macgirvin
  
That would work.

Technically the only things that www-data has to *write* are .htconfig.php (but only during installation) and store (where uploaded and server-generated files are kept). Your server security will be improved if you only give www-data permission to write to those specific locations and allow it to read from everything else.

You may also need to give www-data write permission to create symlinks in addon, view/theme, and widget if you use the built-in repository management features. I prefer to do these manually and keep write access restricted to the store folder.
paulfree14
  
Alexandre Hannud Abdo
  
Yeah, usually you want the webserver (www-data) to have read permission to everything.

In the case of WordPress, for auto-updates to work, write permission as well.

For Hubzilla the webserver needs write permissions at least to the /store folder if I recall correctly. The rest can remain read-only.

I personally prefer to keep the files owned by root (or my user), with full access, then have www-data as the group for all files, and give group read/write permissions as needed.