b2evolution

More than a blog!
Home About Demo Download Hosting Extend Docs Forums
Powered by MediaWiki
Personal tools

Directory and file permissions

From b2evolution manual

Jump to: navigation, search

This manual page is outdated. NEW PAGE: Directory and File Permissions in b2evolution v5+.

Contents

[edit] What are file permissions?

UNIX/Linux file permissions are a way to control who can read and/or write files on your hosting account. On a shared hosting server, this will (on serious web hosting providers) prevent another user from modifying your website!

When you upload files to your webserver by FTP, those files are saved on the server with some specific access permissions. Typically, everyone will be able to "read" the files and subdirectories, that is: view them through the webserver, but only you and you alone (when you log into the FTP server) will be able to "write" to these files/subdirectories and modify them.

[edit] Why should I care?

If you are lucky, your web hosting provider has all the file permissions set up in such an effective way that you will never need to care. However, if you get a "file permission error" at some point, here is why... and how to fix it...

For some specific actions, b2evolution will need "write" access to some files. For example, b2evo will need to write new files when you use b2evo to upload an image or generate a static .html file. The problem is: b2evo is not you. More specifically: the PHP process that runs b2evo is not you! And the PHP process may not have permission to write files as you do.

Thus you may need to change the permissions on some files and subdirectories in order to allow b2evo to write there and perform the requested actions.

[edit] Why wasn't this done automatically on install?

Because if PHP has no permission to write to a file, then PHP has no permission to give itself write permission either. That makes sense from a security perspective, doesn't it?

You should actually blame this on your hosting admin who decided PHP would not be allowed to write to files by default. On shared hosts, the hosting company should actually be using mod_suphp in order for your PHP scripts to run under your own user account, thus enforcing the best possible isolation from other users on the same server, and resolving all file permission issues at the same time. The single fact that you run into file permission issues on a shared host is a bad sign regarding the security setup of your host. (If you run your own private/dedicated server though, this is normal and will generally lead to better performance.)

[edit] How do I change file permissions?

First, you may need or wish to understand how file permissions work. Most webservers run some variant of UNIX/Linux. On these systems, file permissions can be changed via chmod. If you're not familiar with UNIX file permissions and chmod, check out Apache Web Server Chmod and Ascii Mode Explained or [A quick and dirty chmod Tutorial]. If your server is running Windows you probably don't need to change anything.

There are several possible ways to change file permissions on a UNIX/linux webserver:

  • with the "change permissions" option of your current FTP client program like FileZilla (see your FTP documentation)
  • with the file manager of your web hosting control panel (see your host documentation)
  • by issuing chmod shell commands (if you're not familiar with shell access, use one of the above)

[edit] What files/subdirectories do need specific permissions?

[edit] /blogs/media/ sub-directories

There is a helpful script in the debugging page that helps you determining the current situation of the permissions in the /media/ folder.

The following directories need to be writable by the webserver:

  • /blogs/media/blogs (Base directory for blogs)
  • /blogs/media/users (Base directory for users)

The exact permissions you want to give to those folders depend on your web host setup. You may want to give full access "0777" but that may not be very secure. Ask your host's technical support for details specific to your hosting plan.

If you have shell access, the command to grant full access, recursively, on all sub-directories and files of the /media folder is this: 

chmod 777 /path/to/blogs/media/blogs/ -R

[edit] /blogs/conf/_basic_config.php

This file is critical, because it includes your database password! You want to protect that password from other users as much as possible.

This file needs to be writable by the webserver during installation, unless you want to manually edit the file. This file should have the most restrictive permissions possible: "0600" would be the best. If you are not sure, try it in the following order: "0600", "0660"and (if necessary) "0666".

After installation the file does not need to be writable anymore. At that time you may lower permissions to, in order of preference: "0400", "0440"or (if necessary) "0444".

[edit] Other

Allow creation of blog stub files from the admin interface or to generate static pages for your blogs: 

 chmod 777 path/to/blogs

If you want to use the template editor for the custom skin: 

 chmod 666 path/to/blogs/skins/custom/*

[edit] FTP Clients

Contrary to popular belief, when your FTP client cannot change the permissions of a file, it is *not* an issue with the FTP client. It is an issue with the permissions themselves. For example: you don't *own* the file you want to change permissions for. If you can't figure out how to change the permissions of a given file, contact your hosting tech support. That is what they are here for ;)

Retrieved from "http://manual.b2evolution.net/Directory_and_file_permissions"

b2evolution is maintained by François Planque / The Evo Factory · The wiki is maintained by Halton Stewart · Contact · Team