CODEWITHSUNDEEP
magentopermissions
Prem Anand
Prem Anand

Reputation: 1496

Permissions for files during magento installation

Im installing magento on the server. During the installation process need to give permissions for these files

"public_html/magento/app/etc".

"public_html/magento/var".

"public_html/magento/media".

I can proceed through the installation only if I give 777 permission. I know that giving 777 permission isn't a good practice. What should I do for this??. Please Help

Upvotes: 3

Views: 1711

Answers (2)

Oscprofessionals
Oscprofessionals

Reputation: 2174

If you look into Magento following folders for .htaccess you will find

/var/.htaccess

Order deny,allow Deny from all

/app/.htaccess Order deny,allow Deny from all

this rule will be applicable to all folders with /app

and for /media/.htaccess Options All -Indexes php_flag engine 0

AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi Options -ExecCGI

#

enable rewrites

Options +FollowSymLinks
RewriteEngine on
#

never rewrite for existing files

RewriteCond %{REQUEST_FILENAME} !-f
#

rewrite everything else to index.php

RewriteRule .* ../get.php [L]

As these .htaccess are already there in Magento you dont need to worry.

Some Explanation : With 777 permission there is a probability of someone dropping some .php or other executable file. These .htaccess rules will not allow those files to be executed so even if hacker was successful in placing an executable file it will not get executed.

Upvotes: 1

Francis Kim
Francis Kim

Reputation: 4285

It usually isn't an issue making those directorie 777 as there should be no PHP files residing in them. If in doubt, place the following code in your .htaccess file within those folders, it will deny all PHP files from being run within those directories and sub-directories.

<FilesMatch "\.php$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

Upvotes: 1

Related Questions