Securing my server, I found that using:

find . -type f -exec chmod 400 {} \;
find . -type d -exec chmod 500 {} \; 

displays 403 forbidden access.

If I use:

find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \; 

The server displays, but I can have access from the internet to some folders/directories.

My current folder owners are root - www-data for var/www/domain/public.

I would like to apply 400-500 permissions with my website displaying results on the internet with the current www-data user, or another option could be to block directory display of folders. Any help appreciated.

s_h
  • 113

1 Answer

The files need r and directory needs to be rx by the user www-data.

So, with what you want ...

find . -type f -exec chmod 440 {} \;
find . -type d -exec chmod 550 {} \;

Just make SURE you run that command from /var/www and not /

See also "How to avoid using sudo when working in /var/www?" or similar.

You may need looser permissions depending on what you are doing in /var/www. You may need to allow rwx on directories where users would download files, such as avatars on forums for example, or allowing x on CGI.

Panther
  • 102,067
  • I tried that. It seems to be a problem of the www-data group or something similar. I'm receiving 403 forbidden after chmod 440 and 550 in www/var/ – s_h Sep 27 '13 at 18:13
  • Probably I can add another user to the folder owner "root - www-data - other user" in order to check if it will give me access from the internet. In your opinion, could this be a solution? In the post you shared it says that www-data must not own web content. – s_h Sep 27 '13 at 18:17
  • Hard to know without additional information. What are you running on your web server? PHP? Other CGI? Cache? Ownership and permissions are controversial, and more than one "solution" exists. Personally I use root:www-data with permissions above, but, for some uses permissions need to be looser. Specifically www-data may need x or w. Try setting permissions to 770 on files and directories. I assume that will work, you then need to figure out what you are doing that needs rx access. – Panther Sep 27 '13 at 18:27
  • I made a mistake, it seems that I placed 755 permissions on /var level and then I faced all these inconveniences trying to solve it. Thanks! – s_h Sep 27 '13 at 18:33
  • Yea, that happens when using "." with your find. In general, try to be more specific, "/var/www/" would be better, especially when running as root. – Panther Sep 27 '13 at 18:35
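
The answer's 440/550 modes and the closing advice about not running find on ".", as an added shell example that is not part of the original thread. The function names are hypothetical; it assumes ownership (root:www-data in the thread) is already set and that the web server user reaches parent directories through the "other" permission bits.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Apply the answer's modes (files 440, directories 550) below one explicit
# directory. Assumes ownership (e.g. root:www-data) is already set.
harden_webroot() {
    case $1 in
        /*) ;;
        *) echo "refusing relative path: $1" >&2; return 1 ;;
    esac
    root=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1" >&2; return 1; }
    # After resolving, require at least two levels (/var/www, not / or /var).
    case $root in
        /*/*) ;;
        *) echo "refusing shallow path: $root" >&2; return 1 ;;
    esac
    find "$root" -type f -exec chmod 440 {} + &&
    find "$root" -depth -type d -exec chmod 550 {} +
}

# Print every parent of DIR that lacks the execute (search) bit for "other".
# Assumes the web server user is neither owner nor group of those parents.
blocked_ancestors() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    while [ "$p" != / ]; do
        p=$(dirname "$p")
        case $(ls -ld "$p" | cut -c10) in
            x|t) ;;                 # traversable by others
            *) echo "$p" ;;
        esac
    done
}
```

Any path printed by blocked_ancestors can produce a 403 even when the modes inside the document root are correct, because the server needs search permission on every directory leading to the file.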