How to set file permissions on the server?
YACS attempts to write a number of files, including configuration parameters, user-provided files, images and even PHP scripts. Read this page to learn on common permission settings compatible with YACS.
As you may know, every directory and file on a Unix system has an owner, and
also an associated group. It also has a set of permission flags which specify
separate read, write and execute permissions for the 'user' (owner), 'group',
and 'other' (everyone else with an account on the computer). The 'ls' command
shows permissions and group associated with files when used with the -l option.
To understand permissions set by the 'chmod' command, remind that these are numerically equivalent to those reported by the 'ls' command, namely: - 7 means "may read, write, and execute" - 6 means "may read and write" - 4 means "may read" - 0 means "forbidden access"
Normally, user/group information is set based on the FTP account used to upload YACS files to the web server, for example foobar/users.
Ideally, a properly configured web server should impersonate you when executing your scripts, for example with user/group information set to foobar/nobody. In this case the server has exactly the same rights that you have through FTP, and you can 'chmod' everything to 700 if you like.
Sometimes, the web daemon uses dedicated accounts, such as apache/www-data. In that case the web daemon effectively has no rights to your files.
How to overcome this?
[title]Solution 1. Impersonate your account[/title]
Ask your system administrator to run your scripts with your account information, as explained before. See http://www.suphp.org for a practical solution.
[title]Solution 2. Open to the world[/title]
You can attempt to 'chmod' everything to 707, to give maximum permissions to the world, including the web daemon. Check actual results with 'ls -l', since your account may be prevented to do this. For example:
[title]Solution 3. Use web daemon group[/title]
Another option is to change group information of all files, to re-use the one of the web daemon. Then you will have to give maximum permissions to the group. For example:
[title]Solution 4. Set web daemon in your group[/title]
Ask your system administrator to put the web user account in your own group, and then give maximum permissions to the group. For example:
[title]Solution 5. Safe Mode[/title]
If the PHP environment is in safe mode, you should change that the http daemon has the same uid (owner) than the owner of files and directories. You can either ask your system administrator to impersonate your account(see solution 1), or ask him to change ownership of the YACS directory.
Example allowed only to root users:
To understand permissions set by the 'chmod' command, remind that these are numerically equivalent to those reported by the 'ls' command, namely: - 7 means "may read, write, and execute" - 6 means "may read and write" - 4 means "may read" - 0 means "forbidden access"
Normally, user/group information is set based on the FTP account used to upload YACS files to the web server, for example foobar/users.
Ideally, a properly configured web server should impersonate you when executing your scripts, for example with user/group information set to foobar/nobody. In this case the server has exactly the same rights that you have through FTP, and you can 'chmod' everything to 700 if you like.
Sometimes, the web daemon uses dedicated accounts, such as apache/www-data. In that case the web daemon effectively has no rights to your files.
How to overcome this?
[title]Solution 1. Impersonate your account[/title]
Ask your system administrator to run your scripts with your account information, as explained before. See http://www.suphp.org for a practical solution.
[title]Solution 2. Open to the world[/title]
You can attempt to 'chmod' everything to 707, to give maximum permissions to the world, including the web daemon. Check actual results with 'ls -l', since your account may be prevented to do this. For example:
cd your_installation_directory
chmod -R 707 .
ls -l
[title]Solution 3. Use web daemon group[/title]
Another option is to change group information of all files, to re-use the one of the web daemon. Then you will have to give maximum permissions to the group. For example:
cd your_installation_directory
chgrp -R www-data .
chmod -R 770 .
[title]Solution 4. Set web daemon in your group[/title]
Ask your system administrator to put the web user account in your own group, and then give maximum permissions to the group. For example:
cd your_installation_directory
chmod -R 770 .
[title]Solution 5. Safe Mode[/title]
If the PHP environment is in safe mode, you should change that the http daemon has the same uid (owner) than the owner of files and directories. You can either ask your system administrator to impersonate your account(see solution 1), or ask him to change ownership of the YACS directory.
Example allowed only to root users:
cd your_installation_directory
chown -R www-data .