tags:

views:

90

answers:

2
+1  Q: 

Suggested permissions for website files

As the title suggests, I am curious as to the suggested file/directory permissions for HTML, CSS, Javascript, PHP, etc files on a website.

Prior to today, I have never really thought about it because I used FileZilla on my Windows computer, and it seemed to take care of permissions just fine. I recently switched to Mac, and am using Cyberduck for FTP now, but it seems either I set something wrong somewhere or it bungled permissions, and now you can't access the website I am working on.

What do you say? (and for ease of reading, please don't just post an octal number.)

+1  A: 

Depends on several factors. It sounds like you are probably running something like Apache which reads in HTML files in a directory, then serves them through a webserver. If this is the case, the files need to have permissions such that Apache can read them, so for example you could make them world-readable, or if you wanted to, you could assign them to a UNIX group that whatever user runs Apache is also a member of.

Sasha  2009-08-15 17:15:53
Yes, I am running it on Apache, but it's on a shared host, so I really can't change much of anything in the way of users and groups. I have a user and group both assigned to my account, though.
Austin Hyde  2009-08-15 17:49:51
What I mean is that you can assign group-ownership of the files to a group which contains the user running Apache (presumably this is possible?) If not, just make it world-readable so anyone can read it, and Apache should be able to read it.
Sasha  2009-08-15 18:13:36
+1  A: 

There are some Apache configuration options which may impact what permissions you need to have on your files. Here are some things to check:

  1. Most shared hosting uses Apache in a mode where your website uses your own logon identity to serve files and run scripts (SuexecUserGroup, suEXEC). If this is the case for your host then only the first number of the permissions is relevant. If it's not the case, you may need to set the group and/or world values to at least 4 (eg. 644 which is rw-r--r-- - check Wikipedia for a quick intro).
  2. If your host is using suEXEC then it may be prevented from serving files which are executable for anything other than your own user.
  3. Remember that you should have the execute bit set on any directories
robertc  2009-08-15 18:21:15

related questions

Web framework programming mindset
ASP.NET - asp:xxx Controls versus standard HTML
From Desktop to Web browser considerations
Which PHP Framework will get me to a usable UI the fastest?
Best practice for integrating TDD with web application development?
How to Manage Web Development?
When is a file just a file?
Recommendations for browser add-on tools to help with development
REALLY Simple Website--How Basic Can You Go?
Convince Firefox to send an If-Modified-Since header over HTTPS
What do the getUTC* methods on the date object do?
Planning and Building a mobile enabled site for your main site.
Firebug for IE
Javascript and PHP - Login Script with hidden buttons
Firebug won't display console feeds for some of my sites
Displaying ad content from Respose.WriteFile()/ Response.ContentType
How can I detect if a browser is blocking an popup?
How to Test Web Code?
What PHP framework would you choose for a new application and why?
How do you disable browser Autocomplete on web form field / input tag?
What is Progressive Enhancement?
In HTML, how to word-break on a dash?
The Definitive Guide To Website Authentication
How do you test layout design across multiple browsers/OSs?
How much of the Web build process do you/should you automate?