Learn about Centmin Mod LEMP Stack today
Register Now

What is the ideal chmod permission for xenforo and wordpress

Discussion in 'System Administration' started by negative, Dec 16, 2015.

Tags:
  1. negative

    negative Active Member

    415
    50
    28
    Apr 11, 2015
    Ratings:
    +98
    Local Time:
    7:30 AM
    1.9.10
    10.1.11
    Hello

    Especially for centminmod users on dedicated servers what is the ideal chmod permissions for xenforo and wordpress. Because, that is the first security factor i think.


    As we know, nginx working with "nginx" user and usergroup and owner of all files is the "nginx" . Also, i see listen.mode is 666 on php-fpm.conf i don't know if related with that so as a result what's your folder and file permission with exceptions on special directories. (like some upload directories is 777)

    Firstly, we are waiting answer from @eva2000 because of experience :)

    Thanks for your advices.
     
  2. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    12:30 PM
    Mainline
    10.2
    I hosted WP and XF sites.
    And I do not use chmod 777 at all.
    All 755 for folders and 644 for files.
    Be sure all of it owned by nginx:nginx.
     
  3. eva2000

    eva2000 Administrator Staff Member

    53,211
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,650
    Local Time:
    2:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Technically what @RoldanLT said is right for Centmin Mod setups the default folder and file permissions of 755 or 644 are all that is needed provided files and directories are owned by nginx user and group.

    permissions on data ,internal_data, data/avatars where Access = 0755 and Uid = nginx Gid = nginx
    Code:
    stat {data,internal_data,data/avatars} | egrep 'File|Access: '
      File: `data'
    Access: (0755/drwxr-xr-x)  Uid: (  500/   nginx)   Gid: (  500/   nginx)
    Access: 2015-12-16 09:33:00.431023482 +0000
    
      File: `internal_data'
    Access: (0755/drwxr-xr-x)  Uid: (  500/   nginx)   Gid: (  500/   nginx)
    Access: 2015-12-16 09:31:24.429024542 +0000
    
      File: `data/avatars'
    Access: (0755/drwxr-xr-x)  Uid: (  500/   nginx)   Gid: (  500/   nginx)
    Access: 2015-12-16 09:33:26.974024053 +0000
    If you uploaded directories via ftp or created via ssh, they may have 2755 permissions which is normal too the 2 is for setgid bit, meaning any files or directories created within the directory are owned by nginx group regardless of the user group of the user who created them

    i.e. created testdir as root user
    Code:
    drwxr-sr-x 2 root  nginx 4.0K Dec 16 09:32 testdir
    Code:
    stat testdir 
      File: `testdir'
      Size: 4096            Blocks: 8          IO Block: 4096   directory
    Device: fd00h/64768d    Inode: 416091      Links: 2
    Access: (2755/drwxr-sr-x)  Uid: (    0/    root)   Gid: (  500/   nginx)
    Access: 2015-12-16 09:56:09.625560712 +0000
    Modify: 2015-12-16 09:32:29.798024326 +0000
    Change: 2015-12-16 09:32:29.798024326 +0000
    Just be aware, if you ever move data away from Centmin Mod server to another control panel or non-Centmin Mod server, you may end up with broken site due to permission differences where they may require 666 file or 777 directory permissions for that server setup.
     
    Last edited: Dec 16, 2015
  4. Jota

    Jota Member

    78
    18
    8
    Oct 9, 2014
    Barcelona
    Ratings:
    +20
    Local Time:
    7:30 AM
    Hey !

    I'm having issues with a WP install and some plugins.

    Is that a script to fix those permissions ?
     
  5. eva2000

    eva2000 Administrator Staff Member

    53,211
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,650
    Local Time:
    2:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    there's no script to fix that, you'd have to double check and manually fix permission issues if you have any..

    you can use getfacl command to recursive list all directory and file's permissions to check privately

    i.e.
    Code (Text):
    getfacl -R --tabular --absolute-names /home/nginx/domains/demodomain.com/public

    sample output for /home/nginx/domains/demodomain.com/public
    Code (Text):
    getfacl -R --tabular --absolute-names /home/nginx/domains/demodomain.com/public
    # file: /home/nginx/domains/demodomain.com/public
    USER   nginx     rwx    
    GROUP  nginx     r-x    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/maintenance.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/403.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/502.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/504.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/500.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/index.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/503.jpg
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/503.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/50x.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/404.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
     
  6. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    12:30 PM
    Mainline
    10.2
    This should be enough to fix all files/folder permissions:
     
  7. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    6:30 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    Just in case, for all XenForo files and folders that would be OK too?
     
  8. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    12:30 PM
    Mainline
    10.2
    Yes of course (y).
     
  9. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    12:30 PM
    Mainline
    10.2
    FYI: There's no need for us to use chmod 777.
     
  10. eva2000

    eva2000 Administrator Staff Member

    53,211
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,650
    Local Time:
    2:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    that works :)
     
  11. KeVo

    KeVo Active Member

    180
    71
    28
    May 28, 2014
    Ratings:
    +101
    Local Time:
    11:30 PM
    1.11.x
    10.1.18
    Do you change the /data and /internal_data directories back to 755 after installing a fresh XenForo board?
     
  12. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    12:30 PM
    Mainline
    10.2
    Even on installation I always use 755 for all that directory.
     
  13. KeVo

    KeVo Active Member

    180
    71
    28
    May 28, 2014
    Ratings:
    +101
    Local Time:
    11:30 PM
    1.11.x
    10.1.18
    How do You get the forum to install? Doesn't it require 0777 permission prior to installation?
     
  14. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    12:30 PM
    Mainline
    10.2
    As long as it's own by nginx:nginx, XenForo will install fine.
    No need for 777.
     
  15. KeVo

    KeVo Active Member

    180
    71
    28
    May 28, 2014
    Ratings:
    +101
    Local Time:
    11:30 PM
    1.11.x
    10.1.18
    I never knew that! I've always done the chown -R nginx command AFTER install. Learned something New today. :D
     
  16. Jota

    Jota Member

    78
    18
    8
    Oct 9, 2014
    Barcelona
    Ratings:
    +20
    Local Time:
    7:30 AM
    Hey mates, I can verify that this fixed my issues and suggested script worked like a charm !

    Thanks @RoldanLT ! ;)