0

I just switched my site's server from Windows to Linux, and am finally able to control file permissions from my ftp. So, seeing that all permissions were 705 by default (and not wanting just anyone to have permission to execute), I went and changed everything to 744.

Now, gif and jpg links don't work, pdf download links don't work, php links don't load, and mov files don't play. Conversely, all html files work perfectly. Setting things back doesn't seem to help. Even setting to 777 gets me nowhere.

Any ideas on what might be going wrong? I've been googling file permissions all day (solved that problem with the Windows-Linux switch, which has bred a new problem), and I don't think anything I can find has escaped my attention.

The site: absis-minas.com

Go easy on a n00b. I took up learning php out of interest, and wound up delving into server management issues due to a very simple line of code not working the way it was supposed to.

Thanks!

Absis Minas
  • 11
  • 3
  • Just out of curiosity, what file permissions issues were you having on Windows that you solved by moving to Linux?? – GregD Jan 03 '11 at 13:32
  • Under Windows, I was unable to change file permissions. I could log into my hosting account and switch them there, but those changes weren't recognized by FileZilla or Dreamweaver. I have absolutely no idea why. Now that I've switched to Linux, R, W, and X are all present. Seeing that they by default gave X permissions to the public, I changed everything to 744. – Absis Minas Jan 03 '11 at 13:37

3 Answers3

3

If you set everything to 777 then right off the bat, you know that something else is up.

That being said, standard permissions for your files and folders should be : - for folders : rwxr-xr-x (755) - for most files rwr--r-- (644)

In your case, since you've just migrated your site over to a new server, you'll want to verify your web server configurations and folder paths. Specifically, your web browser ought to be able to execute your php files. If suexec is used, then file ownership should be investigated as well .. log files /var/log/apache2/error.log or the like as well as the suexec log will provide information.

Since you're moving from Windows to Linux, you may also want to ensure that all of your paths work and are referred to in the same case ... I'd also go through your index page and verify whether all the paths actually exist ... for instance, this gives a 404 / not found : Further

jonathanserafini
  • 1,738
  • 14
  • 20
  • This place is so unbelievably troll-free. Thank you. Question, though: why should group and public be able to execute folders? – Absis Minas Jan 03 '11 at 13:43
  • 1
    On a folder, the execute bit allows you to "enter". – jonathanserafini Jan 03 '11 at 13:49
  • Your suggestion worked. – Absis Minas Jan 03 '11 at 13:51
  • Just one thought... having the world able to enter you directories is not a good approach as well. Be really careful giving access to everybody. – tmow Jan 03 '11 at 13:52
  • Ooh - my directories aren't that open with a 755, are they? – Absis Minas Jan 03 '11 at 13:56
  • Of course, anybody who has direct access to the server can list the content of all the directories. The best is to set permissions on directories to 750, but to do this it's important to have the owner of the folders as the same owner of the processes running apache. – tmow Jan 03 '11 at 14:01
  • With 755, the owner may read, write or execute and both the group and "everyone" may read and execute the folder ( which is not the same as files within the folder ). Technically you would want to restrict that to 750 if you wanted to be safer so as to prevent "everyone". However, this may kill access to the files if you're for instance writing then as ftp_user and serving them as www_user. Also it's debatable whether restricting "everyone" access to publicly served files would have any "real" impact. – jonathanserafini Jan 03 '11 at 14:01
  • Perfectly agree, but if you don't have the full control on what you are doing, in terms of security, coding, server and network administrations, is better to avoid as much as possible situations like http://serverfault.com/questions/218005/my-servers-been-hacked-emergency . as less possibilities you leave to script kiddies to brake your site as better it is. So I really advice to loose 10 minutes more today to fix well the permissions than just workaround the problem to forget it asap. – tmow Jan 03 '11 at 14:12
  • You say that 750 is the most secure, but the only way that I can get all the image, pdf, and mov files to work, is by setting all of their respective folders to 755. delerious010, you said that "most files" could get away with 644, and most folders with "755," but does this general rule change with file types? – Absis Minas Jan 03 '11 at 15:44
  • I do agree that tmow is in all things in his previous comment. Anyways, regarding the permissions it'll greatly depend on your server configuration. Do you know which user/group your web server runs as ? Do you upload files to the folder as another user ? That may explain why 750 does not work, whereas 755 does. As for the file permissions, your files really shouldn't need to be executed. That being said, an improperly configured server may require your PHP files to be executable, or other CGIs if you use them. – jonathanserafini Jan 03 '11 at 22:29
0

http://permissions-calculator.org/ try above link to understand :)

Rajat
  • 3,329
  • 21
  • 29
0

I agree with Delerious, but could be also a owner issue.

Probably from the root till the directory where you have stored the images, php and movies, there are one or more directory that are not accessible by the user the run apche (is an apache?).

So check carefully all the path, then in your PHP scripts or HTML files you could have some old MSDOS like path (\PATH\TO\image.jpg) and finally I'd check apache and PHP setup to be sure everything works fine.

Look at the log files!!! You can provide us some logs, so that we can help you better.

tmow
  • 1,187
  • 8
  • 20