views:

24

answers:

2

I am trying to set the least possible permission on a file, and still be upload files and delete them. I normally use "0755", but I think it is still much for just doing uploading and deleting.

A: 

Try 0644. That's "owner read/write, everyone else read". 0755 is the same but adds execute the mix, which you most likely don't want on uploaded files.

And if only the webserver software ever needs to deal the file, you can lock it down further with 0600 (only owner read/write)

Marc B
but I dont think I will be able you upload file, from my CMS
mrNepal
If you're doing it via an HTTP upload, the file would be created under the webserver's ownership (Apache?). So as long as it's at least mode 06xx, Apache can do whatever it wants with it. If you're uploading it seperately (ftp, sftp, scp, etc...), then it would be creatd with the ownership of the account you log in with, in which case you'd need 06x6.
Marc B
So, can i upload and update my files using 0600 using my website?
mrNepal
As long as the ownership matches the user ID you're working under matches. Given permissions digit of xabc, (0644, say), then a is owner, b is group, and c is "everyone else". the x digits are for various sticky bits and their meaning changes depending on what type of file/directory you're setting them on.
Marc B
+1  A: 

You want to list, read & write on a directory, so 0700. Provided you have set up the correct user(s) for the website, script owner, ftp user, etc. If you cannot harmonize these user(s) into one, creating a group with all the stakeholders, making that the owning group & setting the folder to 0770 should work.

For files that are non executable, the same 0600 vs, 0660 applies, unless you need only one writing user (files 0640, directory 0750, owned by the writing user & the stakeholders group).

Wrikken