permissions – Internetblog.org.uk https://www.internetblog.org.uk Web hosting, Domain names, Dedicated servers Fri, 29 Jan 2016 11:05:52 +0000 en-US hourly 1 https://wordpress.org/?v=4.9.5 https://www.internetblog.org.uk/files/2016/01/cropped-favico-32x32.png permissions – Internetblog.org.uk https://www.internetblog.org.uk 32 32 Permissions for Common File Types https://www.internetblog.org.uk/post/1434/permissions-for-common-file-types/ Wed, 16 Jun 2010 14:23:08 +0000 http://www.internetblog.org.uk/post/1434/permissions-for-common-file-types/ File permissions for test user
In a previous post, I explained how to use chmod to change file permissions and also provided some security tips to ensure your file permissions are not more permissive than they need to be. Looking back on those posts, I think it would be useful to list some common file types and the maximum permissions that those files should have. The maximum means that there is no legitimate reason for those files to be any more permissive.

(r = read, w = write, x = execute) (Owner, Group, Other)

1. Executables – CGI files – Perl scripts, for example, often need to be executable. 755 (rwx r-x r-x)
2. Regular HTML and PHP files – These only need to be read by the outside world. 644 (rw- r– r–)
3. Private files – Sometimes text data files are stored on the server but do not need to be seen. 600 (rw- — —)
4. World writable – use these only if absolutely required by the application. 666 (rw- rw- rw-)
5. Full permissions – almost never necessary and could cause security problems. 777 (rwx rwx rwx)

There are other combinations, but these are the common permissions for files on most Linux servers. Only change file permissions if necessary. Otherwise, keep them as conservative as possible. This will ensure the security of your website(s) and server.

]]>
Useful RPM Tips https://www.internetblog.org.uk/post/1366/useful-rpm-tips/ Thu, 27 May 2010 17:07:05 +0000 http://www.internetblog.org.uk/post/1365/useful-rpm-tips/ RPM logoAs I mentioned in an earlier post, YUM is a powerful package management system, commonly used in RPM-based Linux distributions, including Red Hat Enterprise Linux, CentOS, and Fedora. We have covered some of the basic YUM commands. Now, here are some helpful commands not in YUM that you can use to better manage your RPM packages.

1. Reset file permissions – This is for those times when you have made changes to an application that you probably should not have made. RPM can reset the permissions for all files in the package and return them to the state they were in when you installed it. Simply run this command:

rpm --setperms

2. Extract one file from an rpm – Whenever you do not actually want to install an RPM, you can extract its contents. This is also useful if you have changed something in one of the files and just need to extract the default file, like logrotate.conf. Run this command:

rpm2cpio logrotate-1.0-1.i386.rpm |cpio -ivd etc/logrotate.conf

3. Query 3rd party packages – In this example, suppose you are using CentOS, but you want to query packages from other repositories. This command will allow you to find packages not in the CentOS repository.

rpm -qa --qf '%{NAME} %{VENDOR}\n' | grep -v CentOS

]]>
Licensing Your Website https://www.internetblog.org.uk/post/1245/licensing-your-website/ Mon, 26 Apr 2010 16:24:27 +0000 http://www.internetblog.org.uk/post/1245/licensing-your-website/ Copyright all rights reserved
From the title of this blog, one might imagine having to stand in line at some type of bureau for websites to get the proper licensing needed, but it is actually not that complicated. In the most simplistic scenario, you are the owner of your website and thus own the copyright to all of the intellectual property you create.

If you want the copyright to content created by someone else, even if they write or take photos for your site, you must get their signed written permission. In other words, they must sign over their copyright to you. In either case, the copyright statement in the footer of your website should indicate that you or your business owns the rights. If you do not want anyone to use your content, you can leave the default copyright clause accepted in most countries: “All Rights Reserved.”

In some circumstances, however, you may want to give others certain permissions to use your work. In such a case, you can hire a lawyer to create your own complex license or use a Creative Commons license, which allows you to have “Some Rights Reserved” but also lend some rights to others for the usage you specify. This site, for example, is released under such a license.

Photo Source: Flickr

]]>
Chmod shortcuts for Linux https://www.internetblog.org.uk/post/1185/chmod-shortcuts-for-linux/ Thu, 08 Apr 2010 21:12:37 +0000 http://www.internetblog.org.uk/post/1185/chmod-shortcuts-for-linux/ Chmod commands in Linux terminal
In a few previous posts, we learned how to change file and directory permissions with chmod. The standard method is to use numbers to represent various permissions. For example, typing “chmod 777 directoryname” will make the directory readable, writable, and executable for all users, local or otherwise.

There are many other codes to chmod for various permissions, but before we go into that, let’s learn some shortcuts. Rather than typing number that you might forget or accidentally give the wrong permissions, chmod also allows shortcuts. For example, if you wanted the group and others to be able to read and write a file, type:

chmod go=rx filename

To give read/write/execute permissions to all (i.e. 777), type:

chmod a=rwx

You might find this easier the next time you need to change some permissions. We’ll cover more tips in the near future. Keep visiting this blog for updates.

Photo Source: Wikimedia Commons

]]>
To chmod or not to chmod https://www.internetblog.org.uk/post/1162/to-chmod-or-not-to-chmod/ Thu, 01 Apr 2010 22:45:42 +0000 http://www.internetblog.org.uk/post/1162/to-chmod-or-not-to-chmod/ Chmod commands in Linux
When installing scripts on a server, there is a tendency of both developers (in their instructions) and users to be overly generous in dishing out file permissions. In Linux, file permissions can be manipulated with the “chmod” command.

For example, a script may require write access to a temporary directory, and the instructions may call for you to chmod the directory 777. What this means is that anyone can read, write, and execute commands to the directory, including complete strangers. While such permissions might be necessary for a public repository, they are not for most web-based scenarios.

If the server or a particular authenticated user needs write access for a directory, chmod it 664. This means that the owner and the user group will be able to write to that directory, but others will only be able to read its contents. If you ever need something to be completely locked down and not readable by the outside world, make the last digit a “0”. Stay tuned to this blog for more chmodding tips in the future.

Photo Source: Flickr

]]>
How to setup umask on a Linux server https://www.internetblog.org.uk/post/1033/how-to-setup-umask-on-a-linux-server/ Wed, 24 Feb 2010 20:02:31 +0000 http://www.internetblog.org.uk/post/1033/how-to-setup-umask-on-a-linux-server/ terminal iconIn Linux umask, or user file-creation mode mask, determines the permissions of new files. In other words, whenever you make a new file or upload/transfer a file from your local machine or another server, umask sets the initial permissions of that file.

In most Linux distributions, umask for all users is set in /etc/bashrc or /etc/profile. It uses a four digit code to determine the permissions. The default umask is 0002, which sets default directory permissions to 775 and default file permissions to 664. Use this simple calculation to determine the umask code for a permission:

Subtract the permission you want from the default file permission:

777 - 755 = 022

Similarly, for directories:

666 - 644 = 022

For a complete explanation of umask settings, type man umask from the command line.

Image Source: Wikimedia Commons

]]>
Using the "ls" Command in Linux https://www.internetblog.org.uk/post/687/using-the-ls-command-in-linux/ Tue, 17 Nov 2009 22:06:21 +0000 http://www.internetblog.org.uk/post/687/using-the-ls-command-in-linux/ ls command in Linux
In Linux, few commands are more important when managing your file system than “ls”. On a server, it is very important to know how to view files and their properties. With “ls” you can view a simple list of files or any number of more complicated variations of the list.

Typing “ls” with no flags will give you multiple columns of files and directories in alphabetical order. Adding an “-a” flag will display hidden files (those with a “.” in front of the names). Add an “-l” flag, and you will see long format, with directory information, permissions, file size, and modification date.

Some servers are set to show colors by default. If yours is not, add the “–color” flag to show your directories and various files in different colors, which makes it easier to distinguish a directory from a file and an executable from a text file. Add an “-r” to display the results in reverse order. “-U” will not sort them at all and leave them in directory order. There are many other combinations and flags you can use with “ls”. For a complete guide, type “man ls” from the command line.

]]>
Keep Your Website Safe from Hackers https://www.internetblog.org.uk/post/465/keep-your-website-safe-from-hackers/ Tue, 08 Sep 2009 15:34:00 +0000 http://www.internetblog.org.uk/post/465/keep-your-website-safe-from-hackers/ Secure USB
Question: How do I keep my hosting account from being hacked?

Answer:

1. More than anything else, it is important to keep your passwords secret and unique. No one else should have your password, not even your web host. If someone emails you pretending to be your web host or other authority and asks you for your password, do NOT believe it. Contact your web hosting company and let them know about the email. Also, make your password difficult to guess. Try to use a mixture of letters and numbers rather than a real word.

2. Always keep your personal computer clean from viruses and perform all of your security updates. Chances are, if you are infected with malware or a botnet, it will seek out the computers you connect to first, starting with your server.

3. Always keep third-party scripts and software up to date. This is crucial. You could have taken all other precautions, but if your shopping cart or forum has an unpatched security hole, you are in for a hurting — something that could affect your entire server and be grounds for account suspension.

4. Make sure that none of your files have world-writable permissions. In Linux, this means 777. In a file manager or FTP program, it might look like “-rwxrwxrwx”. Files should be either 755 (only for executable files, when a script requires it) or 644 (writeable only to you and read-only to everyone else). Those will look like “-rwxr-xr-x” and “-rw-r–r–“.

Photo: SXC

]]>