• I need urgent help please. At first I couldn't update WordPress, then I couldn't do plugins from the panel. After that, when I tried FTP, it installs the plugins manually but the plugins don't work. Some permissions thing of folders and files. I tried Google and followed every tutorial but nothing seems to work, as in it's not clear what to actually do. It's like mixed thoughts and stuff. So my blog got broken. I hardly managed to bring it up after a whole day of searching.

    So finally I have 1 question.

    1. Is it safe to have all files and directories, owner/group www-data? (apache) or owner/group or owner owner?

    Or is it a security risk? If it is a risk then please guide me on how the permissions should be so I can easily update and upload plugins from FTP and panel both without any problems. A dummy guide would be awesome as I am new to this stuff.

    Thanks for reading. I hope someone can help me out.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    >> is it safe to have all Files and Directory’s, owner/group www-data? <<

    If this is the only site you’re running on the server, yes, pretty much. I would still recommend running php-fpm under a specific user for each specific site (e.g., “site-www” for “www.site.com”) so things are clearly and cleanly separated. Here, ownership is more important than permissions, which should be 755/644 for directories/files.
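A check for the ownership and 755/644 rule from the reply above, as an added example that is not part of the thread. The function name `audit_wp_tree` and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# audit_wp_tree ROOT OWNER
# Lists everything under ROOT that deviates from "owned by OWNER,
# directories 755, files 644". Returns 0 if clean, 1 if anything is listed.
audit_wp_tree() {
    root=$1; owner=$2
    out=$(
        {
            find "$root" ! -user "$owner" -print | sed 's/^/OWNER    /'
            find "$root" -type d ! -perm 755 -print | sed 's/^/DIRMODE  /'
            find "$root" -type f ! -perm 644 -print | sed 's/^/FILEMODE /'
        } | sort
    )
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Constructed demo tree (not a real site): one plugin file is left at 666.
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/plugins"
echo '<?php' > "$demo/wp-content/plugins/hello.php"
find "$demo" -type d -exec chmod 755 {} +
find "$demo" -type f -exec chmod 644 {} +
chmod 666 "$demo/wp-content/plugins/hello.php"
audit_wp_tree "$demo" "$(id -u)" || echo "fix the entries listed above"
rm -rf "$demo"
```

Run it with the site's DocumentRoot and the account the php-fpm pool runs as; an empty result means the tree matches the rule.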

    @sterndata do you know of an up to date tutorial to achieve running php-fpm under a specific user for each specific site?

    I can't seem to find one for (apache)

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    I’ll give you an example from my own server. The files in my DocumentRoot are owned by “sdswww”.

    /etc/php-fpm.d/www.sterndata.com.conf

    [www.sterndata.com]
    ; Using TCP Sockets
    ;listen = 127.0.0.1:9001
    ;listen.allowed_clients = 127.0.0.1
    
    ; Using Unix Sockets
    listen = /var/run/php-fpm/www.sterndata.com.sock
    listen.mode = 0666
    
    user = sdswww
    group = sdswww
    pm = ondemand
    ;pm = dynamic
    pm.max_children = 6
    pm.status_path = /statusfpm
    slowlog = /var/log/php-fpm/www.sterndata.com_slow.log
    catch_workers_output = yes
    chdir = /var/www/www.sterndata.com/wordpress
    
    ;php_flag[display_errors] = Off
    ;php_flag[magic_quotes_gpc] = Off
    ;php_flag[track_vars] = On
    ;php_flag[register_globals] = Off
    
    php_value[max_execution_time] = 240
    
    php_value[include_path] = .
    php_value[session.save_handler] = files
    ;php_value[session.save_path] = /var/lib/php/mod_php/session
    ;php_value[session.save_path] = /var/lib/php/fpm/session
    php_value[session.save_path] = /tmp
    
    php_admin_value[max_input_vars] = 1800
    php_admin_value[upload_max_filesize] = 16M
    php_admin_value[post_max_size] = 16M
    php_admin_value[expose_php] = Off
    php_admin_value[error_log] = /var/log/php-fpm/www.sterndata.com_php-fpm.log
    php_admin_flag[log_errors] = On
    php_admin_flag[allow_url_fopen] = Off
    php_admin_value[upload_tmp_dir] = /tmp
    

    /etc/httpd/conf.d/www.sterndata.com.conf

    <VirtualHost *:80>
       ServerName www.sterndata.com
       ServerAlias sterndata.com
       RewriteEngine On
       RewriteCond %{SERVER_PORT} 80
       RewriteRule ^(.*)$ https://www.sterndata.com$1 [R=301,L]
       CustomLog /var/log/httpd/www.sterndata.com_access_log combined
       ErrorLog /var/log/httpd/www.sterndata.com_error_log
    
    </VirtualHost>
    <VirtualHost *:443>
        ServerName www.sterndata.com
        ServerAlias sterndata.com
       
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/sterndata.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/sterndata.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/sterndata.com/chain.pem
    
        DocumentRoot /var/www/www.sterndata.com/wordpress
        CustomLog /var/log/httpd/www.sterndata.com_access_log combined
        ErrorLog /var/log/httpd/www.sterndata.com_error_log
        
        Protocols h2 h2c http/1.1
        
    
        ProxyPassMatch ^/(.*\.php(/.*)?)$ unix://var/run/php-fpm/www.sterndata.com.sock|fcgi://127.0.0.1:9000/var/www/www.sterndata.com/wordpress timeout=300
        <Directory /var/www/www.sterndata.com>
           AllowOverride All
        </Directory>
    </VirtualHost>
    

    Note that if you have questions, best to google around for suggestions related to your own particular Linux distro. I’m using CentOS 7.

    Thread Starter canthinkofausername

    (@canthinkofausername)

    Thank you so much bud. That really helped.

    @sterndata Thanks for your help.

    This is what I did in the end on Ubuntu 16:

    sudo groupadd test
    sudo useradd -g test test

    In /etc/php/7.3/fpm/pool.d/ you see a file www.conf. Make a copy of this and name it test.conf

    Open sudo nano test.conf

    [test]

    add:

    user = test
    group = test
    listen = /var/run/php/php7.3-fpm-test.sock
    listen.owner = www-data
    listen.group = www-data
    php_admin_value[disable_functions] = exec,passthru,shell_exec,system
    php_admin_flag[allow_url_fopen] = off

    sudo nano /etc/apache2/sites-available/000-default.conf

    VirtualHost add:

    <FilesMatch ".+\.ph(ar|p|tml)$">
    SetHandler "proxy:unix:/run/php/php7.3-fpm-test.sock|fcgi://localhost"
    </FilesMatch>

    • This reply was modified 4 years, 11 months ago by madness85.
    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    I don’t speak the Ubuntu dialect
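Added example (not from either poster): a lint for the pool user and socket settings that differ between the two php-fpm pool files in this thread. The function name `lint_pool`, the finding labels and the sample pools are constructed; `www-data` as the web server account is an assumption taken from the Ubuntu reply.

```shell
#!/bin/sh
# lint_pool FILE WEB_USER: print findings for one php-fpm pool file.
# Returns 0 when nothing is flagged, 1 otherwise.
lint_pool() {
    awk -v web="$2" '
        BEGIN { FS = "[ \t]*=[ \t]*" }
        /^[ \t]*(;|\[|$)/ { next }      # comments, [pool] header, blank lines
        { key = $1; sub(/^[ \t]+/, "", key)
          val = $2; sub(/[ \t]+$/, "", val); conf[key] = val }
        END {
            if (conf["user"] == web) {
                print "SHARED-USER  pool runs as the web server account " web; bad = 1
            }
            if (conf["listen"] ~ /^\//) {            # Unix socket, not host:port
                mode = conf["listen.mode"]
                if (mode == "") mode = "0660"        # php-fpm default
                other = substr(mode, length(mode), 1)
                # Connecting to a Unix socket needs write permission on it.
                if (int(other / 2) % 2 == 1) {
                    print "WORLD-SOCKET listen.mode " mode " lets any local account connect"; bad = 1
                } else if (conf["listen.owner"] != web && conf["listen.group"] != web) {
                    print "CHECK-ACCESS " web " is neither listen.owner nor listen.group"; bad = 1
                }
            }
            exit bad
        }' "$1"
}

# Constructed sample pools modeled on the two configs in the thread.
tmp=$(mktemp -d)
printf '%s\n' '[site-a]' 'user = sitea' 'group = sitea' \
    'listen = /run/php/site-a.sock' 'listen.mode = 0666' > "$tmp/a.conf"
printf '%s\n' '[site-b]' 'user = siteb' 'group = siteb' \
    'listen = /run/php/site-b.sock' 'listen.owner = www-data' \
    'listen.group = www-data' > "$tmp/b.conf"
lint_pool "$tmp/a.conf" www-data || echo "a.conf: review the findings above"
lint_pool "$tmp/b.conf" www-data && echo "b.conf: clean"
rm -rf "$tmp"
```

A socket at mode 0666 is reachable by every local account, while `listen.owner`/`listen.group` set to the web server account with the default mode limits it to Apache.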

  • The topic ‘File permissions and question about is it safe’ is closed to new replies.