Season's greetings everyone,
I recently dumped Windows and moved a site I have over to SuSE Linux. A problem I'm having is deciding folder permissions for my 'files' and 'temp' folders. I get the message that they are not writable at 755. The only permission settings Drupal will accept are 757 or 777. On Windows, Bill Gates and gang were nice enough to take care of this for me...now I'm in penguin land so I need to learn a bit. I have my own dedicated server so sharing is not an issue here. Security is...this is one reason I dumped Windows. Now I just need to learn the Linux way. So...my question is...what permissions should my 'files' and 'temp' folders have...757 or 777? Do they actually need to be open to the world like this?
tks,
larry
Comments
unix permissions
There is no one setting that works for everyone - it depends on the server configuration.
The reason you (currently) need the directory world writable is that your webserver runs under a different user account than the account (eg you) that created the files and directories.
More info is under this part of the handbook:
http://drupal.org/node/34022
One thing you can do to allow you to set the files directory as 775 (or 770 if you prefer) is to change the group owner of the files directory to the primary group of the webserver. That way the webserver can use the group permissions to get write access to the directory.
eg on Debian you would do something like:
The group name may be different on Suse, you'll need to find that out.
--
Anton
New to Drupal? | Troubleshooting FAQ
Example knowledge base built with Drupal
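The group-ownership change described in the answer above, as an added example that is not part of the original thread: it detects a world-writable directory, hands write access to the web server's group, and confirms the result. The function names, the `www-data` group (Debian's Apache default) and the path in the usage line are assumptions; the group on SuSE has to be looked up.

```shell
#!/bin/sh
# Added example (not from the thread). Group names are assumptions: Debian's
# Apache runs as group www-data; on other distros find it with
#   ps -eo group,comm | grep -E 'apache2|httpd'

# Print the octal mode of a path (GNU stat, then BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if "other" has the write bit set, as with 757 or 777.
is_world_writable() {
    m=$(mode_of "$1") || return 2
    other=${m#"${m%?}"}            # last octal digit = permissions for "other"
    case "$other" in
        2|3|6|7) return 0 ;;
        *)       return 1 ;;
    esac
}

# Give the web server write access through the group instead of "other".
#   $1 directory, $2 web server's primary group, $3 mode (default 775, or 770)
restrict_to_group() {
    dir=$1; group=$2; mode=${3:-775}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    chgrp "$group" "$dir" || return 1
    chmod "$mode" "$dir"  || return 1
    if is_world_writable "$dir"; then
        echo "still world-writable: $dir" >&2
        return 1
    fi
    echo "$dir: mode $(mode_of "$dir"), group $group"
}

# Usage (example path): sh fix-perms.sh /var/www/drupal/files www-data [770]
if [ "$#" -ge 2 ]; then
    restrict_to_group "$@"
fi
```

Changing the group to one you are not a member of requires root, so run it with sudo on a real server.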
very informative...
Hello Anton,
I thank you for your information and suggestions. The links you provided are very helpful and I will go through them right now. I guess my real question is, do permissions such as 755 and 777 really represent danger to the server? If so...what exactly? Silly questions I know. My guts and what little I know about unix systems tell me...duh, yeah. But, I have to ask because unix systems are not what they often appear to be and are far more robust than one would think...at least to me. Then again, I've been spoon fed Windows for many years. Thanks again for sharing your hard earned knowledge. Much appreciated.
ciao,
larry
--There are no Kangaroos in Austria--
the typical answer is:
It depends.
As you know security of something isn't an absolute, it is a continuum. Something that is world writable is less secure than something that isn't, but whether or not that makes any difference depends on the situation.
If there are no other people that can log onto your machine, and as long as you have no vulnerabilities in other software, then having your files directory world writable will not really make any difference in your site's overall security.
Likewise while making the directory writable by only the web server group is more secure than having it world writable, it is only one small aspect and will only add an incremental level of extra security which may still be bypassed in other ways anyway. But good security is about adding up lots of little parts and layers.
If you are on shared hosting, any real level of security from filesystem permissions is difficult to attain anyway.
Then you also need to consider what is actually in the files directory. It is stuff that is generally more dangerous to people downloading your files rather than directly dangerous to your site. Drupal (with .htaccess files) prevents the server executing anything in there, so for the most part even if someone replaced files in there with something bad it mostly poses a risk to those that download them. Which is still bad in its own right, and may even indirectly compromise your site if your privileged users get their computers compromised.
Does that help?
--
Anton
that helps a great deal
Hello Anton,
Clearly, I need to do a bit more research on this, but I greatly appreciate the suggestions and direction you have given me. Time for me to start reading a bit more about security on unix systems.
Thanks again.
Ciao,
larry
--There are no Kangaroos in Austria--