0

Possible Duplicate:
What are the best linux permissions to use for my website?

What is the correct way to set up directories to allow user uploads on Linux? My websites upload dir is 755, but Linux naturally doesn't let files be written to this directory except by the user. So should I change the directory to 777 or do some kind of group manipulation? Bare in mind, I don't want to open myself up to any security risks.

Community
  • 1
John Bowlinger
  • 297
  • 1
  • 4
  • 13

3 Answers3

0

if you let 777 will be risky for your server, better to create a folder pertinent owner and group permittions (like 775) and from y our application use the owner, so, you wont put yourself in risk.

jpganz18
  • 271
  • 3
  • 11
  • "from y our application use the owner". How would I do this in PHP? And wouldn't that be just as risky as someone could use my app code to inject their own? – John Bowlinger Sep 14 '12 at 22:38
  • will be as risky as not secure will be your application, but will eliminate all the risks of the 777 on a directory, that will let people put things there even if is not through your app. Use the apache user for give permittion to your folder http://stackoverflow.com/questions/4378592/whats-the-best-user-permission-setup-on-linux-for-a-folder-php-can-write-to – jpganz18 Sep 17 '12 at 14:09
0

What about using ACLs on the selected directory area permitting the user R/W?

mdpc
  • 11,856
  • 28
  • 53
  • 67
0

bindfs could help you. It is a FUSE filesystem which allows bind-mounting directories and altering and enforcing different permissions inside the mount point. If ACLs are too difficult for you to implement correctly, bindfs could be a solution. Beware of noticeable performance impact, though.

daff
  • 4,809
  • 2
  • 28
  • 27