Reputation: 725
What are the best practices setting file permissions for a PHP website on Apache2/Linux (LAMP)?
What is the minimum permissions to set the site files to, in order to allow apache2/php to execute code, show html/css/js, and for some files update settings download and install plugins.
The websites I am building are either Drupal or Wordpress.
I'd like to set permissions so that www-data has the minimum permissions and the admin (which is me for now) has permissions to allow him to do tasks from an SSH session without needing sudo.
[Edit] I'd like to add that I have full access to the LAMP server via SSH. What I am after is the most restrictive and hence the most secure way to set user and group permissions, so in short:
- What group
- What owner
- What permissions
For all site files for say a wordpress In order to achieve
- Apache can access the files and execute PHP
- For some special files or folders the Wordpress should be able to change
- The admin can easily change files without having to use sudo
Upvotes: 0
Views: 2811
Answers (1)
Reputation: 4364
Mostly the directory should have the permission set to 755. If you set it to 777 then the files can be written there. Files should be, at most, 664. If you use the WP editor, you might need these files to be 666 but you really should revert them back to 664 after making any changes. Never specify files greater than 666 unless specified.
Some hosting only allow uploads on 777 permission only avoid such and try contacting hosting for this.
See at https://codex.wordpress.org/Changing_File_Permissions
Upvotes: 1
Related Questions
- What are the differences in die() and exit() in PHP?
- Secure hash and salt for PHP passwords
- Reference - What does this error mean in PHP?
- How can I add a PHP page to WordPress?
- How to add users to Docker container?
- How to set up file permissions for Laravel?
- How should I ethically approach user password storage for later plaintext retrieval?