chmod – Internetblog.org.uk
https://www.internetblog.org.uk
Web hosting, Domain names, Dedicated servers

Permissions for Common File Types
https://www.internetblog.org.uk/post/1434/permissions-for-common-file-types/
Wed, 16 Jun 2010 14:23:08 +0000

In a previous post, I explained how to use chmod to change file permissions and also provided some security tips to ensure your file permissions are not more permissive than they need to be. Looking back on those posts, I think it would be useful to list some common file types and the maximum permissions that those files should have. The maximum means that there is no legitimate reason for those files to be any more permissive.

(r = read, w = write, x = execute) (Owner, Group, Other)

1. Executables – CGI files – Perl scripts, for example, often need to be executable. 755 (rwx r-x r-x)
2. Regular HTML and PHP files – These only need to be read by the outside world. 644 (rw- r-- r--)
3. Private files – Sometimes text data files are stored on the server but do not need to be seen. 600 (rw- --- ---)
4. World writable – use these only if absolutely required by the application. 666 (rw- rw- rw-)
5. Full permissions – almost never necessary and could cause security problems. 777 (rwx rwx rwx)

There are other combinations, but these are the common permissions for files on most Linux servers. Only change file permissions if necessary. Otherwise, keep them as conservative as possible. This will ensure the security of your website(s) and server.
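
The maximums listed above can be checked mechanically. The script below is an added example, not part of the original post; it assumes GNU stat (Linux), and the extension-to-type mapping and the /var/www path are illustrative assumptions.

```sh
#!/bin/sh
# Added example: report files whose mode exceeds the maximum listed above.
# Assumes GNU stat (Linux); the extension-to-type mapping is illustrative.

# max_mode_for PATH: print the maximum octal mode for this file's type.
max_mode_for() {
  case "$1" in
    */wp-config.php)   echo 640 ;;  # value from the WordPress post on this page
    *.cgi|*.pl)        echo 755 ;;  # executables / CGI scripts
    *.dat|*.db|*.log)  echo 600 ;;  # private data files (assumed extensions)
    *)                 echo 644 ;;  # regular HTML, PHP and other served files
  esac
}

# exceeds MODE MAX: succeed if MODE sets any bit that MAX does not.
# The test is bitwise, not numeric: 711 exceeds 644 only through its
# execute bits, and 4644 (setuid) must be caught although r/w bits match.
exceeds() {
  [ $(( 0$1 & ~0$2 )) -ne 0 ]
}

# audit_perms ROOT: print "MODE MAX PATH" for every file over its maximum.
# File names containing newlines are not handled.
audit_perms() {
  find "$1" -type f -exec stat -c '%a %n' {} + |
  while read -r mode path; do
    max=$(max_mode_for "$path")
    if exceeds "$mode" "$max"; then
      printf '%s %s %s\n' "$mode" "$max" "$path"
    fi
  done
}

# Usage: sh audit.sh /var/www   (path is an example)
if [ $# -gt 0 ]; then
  audit_perms "$1"
fi
```

Each output line gives the current mode, the maximum for that file type, and the path, so the list can be reviewed before any chmod is applied.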

Joomla Security Tips
https://www.internetblog.org.uk/post/1385/joomla-security-tips/
Wed, 02 Jun 2010 15:45:37 +0000

Joomla is a powerful free and open source content management system. It has become very popular, and many web hosting providers offer instant installer scripts that can automatically install Joomla onto a customer’s website. In certain situations, however, you may prefer to install Joomla yourself. When you do, there are certain security issues you should know.

1. Delete the “install” directory. Joomla tells you to do this, and if you forget, the results can be horrific.

2. Chmod configuration.php to 644 or stricter. No one should be able to access your configuration.php file. The only reason to even leave it as 644 and not 600 is that some web servers on shared hosts require PHP files to be readable by the web server, which runs as a different user than the site owner.

3. Back up early and often – Create backups of Joomla’s MySQL database. If anything ever does go wrong, you will have a backup.

4. Install mod_security – ModSecurity is an application firewall designed for web applications like Joomla. It will protect you where a network firewall cannot.

5. Secure your database – Set up Joomla to access the database as a user with limited privileges, and make sure the password is not easy to guess.

There are many more security issues you should consider. Over the coming days, I will highlight some of them. Hopefully, they will help you keep your Joomla installation stable and secure.

How to secure your WordPress installation
https://www.internetblog.org.uk/post/1200/how-to-secure-your-wordpress-installation/
Tue, 13 Apr 2010 18:08:29 +0000

Yesterday, news sources and blogs announced that WordPress blogs hosted by Network Solutions were being hacked. The website owners’ credentials were stolen, and then the sites were used to redirect thousands of visitors to websites that distributed malware. Apparently, WordPress’ configuration file, called wp-config.php, stores the user’s database password in plain text. Even so, attackers would not have access to the file if the right permissions were set. The hacked sites had configuration files that were readable by the outside world, including site visitors.

Because the attack exploits user error rather than an actual bug in the WordPress code, it is important to make sure that your own or your customers’ WordPress-based sites are secure. The first thing you can do is to chmod wp-config.php to 640, which means any outside site visitors will be completely denied.

chmod 640 wp-config.php

The second is to deny access using your .htaccess file, since no one who accesses the webserver will actually need access to the file under any circumstances.

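# to protect wp-config.php
# (Apache 2.2 syntax; on Apache 2.4 the equivalent is "Require all denied")
<Files wp-config.php>
order allow,deny
deny from all
</Files>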

That is essentially all it takes and is actually more than is probably necessary to keep everything secure.
Warning: Some web hosting providers provide automated scripts to install WordPress for you. Do not assume that those installations are automatically secure.

Chmod shortcuts for Linux
https://www.internetblog.org.uk/post/1185/chmod-shortcuts-for-linux/
Thu, 08 Apr 2010 21:12:37 +0000

In a few previous posts, we learned how to change file and directory permissions with chmod. The standard method is to use numbers to represent various permissions. For example, typing “chmod 777 directoryname” will make the directory readable, writable, and executable for all users, local or otherwise.

There are many other codes to chmod for various permissions, but before we go into that, let’s learn some shortcuts. Rather than typing numbers that you might forget, or that might accidentally give the wrong permissions, you can use chmod’s symbolic shortcuts. For example, if you wanted the group and others to be able to read and write a file, type:

chmod go=rw filename

To give read/write/execute permissions to all (i.e. 777), type:

chmod a=rwx filename

You might find this easier the next time you need to change some permissions. We’ll cover more tips in the near future. Keep visiting this blog for updates.

To chmod or not to chmod
https://www.internetblog.org.uk/post/1162/to-chmod-or-not-to-chmod/
Thu, 01 Apr 2010 22:45:42 +0000

When installing scripts on a server, there is a tendency of both developers (in their instructions) and users to be overly generous in dishing out file permissions. In Linux, file permissions can be manipulated with the “chmod” command.

For example, a script may require write access to a temporary directory, and the instructions may call for you to chmod the directory 777. What this means is that anyone can read, write, and execute commands to the directory, including complete strangers. While such permissions might be necessary for a public repository, they are not for most web-based scenarios.

If the server or a particular authenticated user needs write access for a directory, chmod it 664. This means that the owner and the user group will be able to write to that directory, but others will only be able to read its contents. If you ever need something to be completely locked down and not readable by the outside world, make the last digit a “0”. Stay tuned to this blog for more chmodding tips in the future.
