
What is the ideal chmod permission for xenforo and wordpress

Discussion in 'System Administration' started by negative, Dec 16, 2015.

  1. negative

    Hello

    Especially for Centmin Mod users on dedicated servers, what are the ideal chmod permissions for XenForo and WordPress? Because that is the first security factor, I think.

    As we know, nginx is working with the "nginx" user and user group, and the owner of all files is "nginx". Also, I see listen.mode is 666 in php-fpm.conf; I don't know if it is related to that. So, as a result, what are your folder and file permissions, with exceptions for special directories (like some upload directories being 777)?

    Firstly, we are waiting for an answer from @eva2000 because of experience :)

    Thanks for your advice.
     
  2. RoldanLT

    I hosted WP and XF sites.
    And I do not use chmod 777 at all.
    All 755 for folders and 644 for files.
    Be sure all of it is owned by nginx:nginx.
     
  3. eva2000

    Technically, what @RoldanLT said is right for Centmin Mod setups: the default folder and file permissions of 755 or 644 are all that is needed, provided files and directories are owned by the nginx user and group.

    Permissions on data, internal_data, data/avatars, where Access = 0755 and Uid = nginx, Gid = nginx:
    Code:
    stat {data,internal_data,data/avatars} | egrep 'File|Access: '
      File: `data'
    Access: (0755/drwxr-xr-x)  Uid: (  500/   nginx)   Gid: (  500/   nginx)
    Access: 2015-12-16 09:33:00.431023482 +0000
    
      File: `internal_data'
    Access: (0755/drwxr-xr-x)  Uid: (  500/   nginx)   Gid: (  500/   nginx)
    Access: 2015-12-16 09:31:24.429024542 +0000
    
      File: `data/avatars'
    Access: (0755/drwxr-xr-x)  Uid: (  500/   nginx)   Gid: (  500/   nginx)
    Access: 2015-12-16 09:33:26.974024053 +0000
    If you uploaded directories via FTP or created them via SSH, they may have 2755 permissions, which is normal too. The 2 is for the setgid bit, meaning any files or directories created within the directory are owned by the nginx group regardless of the user group of the user who created them.

    i.e. created testdir as root user
    Code:
    drwxr-sr-x 2 root  nginx 4.0K Dec 16 09:32 testdir
    Code:
    stat testdir 
      File: `testdir'
      Size: 4096            Blocks: 8          IO Block: 4096   directory
    Device: fd00h/64768d    Inode: 416091      Links: 2
    Access: (2755/drwxr-sr-x)  Uid: (    0/    root)   Gid: (  500/   nginx)
    Access: 2015-12-16 09:56:09.625560712 +0000
    Modify: 2015-12-16 09:32:29.798024326 +0000
    Change: 2015-12-16 09:32:29.798024326 +0000
    Just be aware, if you ever move data away from a Centmin Mod server to another control panel or non-Centmin Mod server, you may end up with a broken site due to permission differences, where they may require 666 file or 777 directory permissions for that server setup.
     
    Last edited: Dec 16, 2015
  4. Jota

    Hey !

    I'm having issues with a WP install and some plugins.

    Is there a script to fix those permissions?
     
  5. eva2000

    There's no script to fix that; you'd have to double check and manually fix permission issues if you have any.

    You can use the getfacl command to recursively list all directories' and files' permissions to check privately.

    i.e.
    Code (Text):
    getfacl -R --tabular --absolute-names /home/nginx/domains/demodomain.com/public

    sample output for /home/nginx/domains/demodomain.com/public
    Code (Text):
    getfacl -R --tabular --absolute-names /home/nginx/domains/demodomain.com/public
    # file: /home/nginx/domains/demodomain.com/public
    USER   nginx     rwx    
    GROUP  nginx     r-x    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/maintenance.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/403.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/502.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/504.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/500.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/index.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/503.jpg
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/503.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/50x.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
    # file: /home/nginx/domains/demodomain.com/public/404.html
    USER   nginx     rw-    
    GROUP  nginx     r--    
    other            ---    
    
     
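The baseline described in the posts above (directories 755, or 2755 where setgid is set, files 644, everything owned by nginx:nginx) can be checked read-only before anything is changed. The script below is an added example, not code from the thread or from Centmin Mod; the function name `audit_webroot` and the finding labels are made up here, and the path in the usage comment is the demo path from the getfacl post.

```shell
#!/bin/sh
# Added example: read-only audit of a web root against the thread's baseline
# (directories 755 or 2755, files 644, everything owned by nginx:nginx).

# audit_webroot ROOT [OWNER] [GROUP]
# Prints one "<FINDING> <path>" line per deviation.
# Returns 0 = matches baseline, 1 = deviations found, 2 = cannot audit.
audit_webroot() {
    root=$1
    owner=${2:-nginx}
    group=${3:-nginx}

    # find fails here if ROOT is missing or OWNER/GROUP do not exist.
    if ! find "$root" -prune -user "$owner" -group "$group" >/dev/null 2>&1; then
        echo "audit_webroot: cannot audit $root as $owner:$group" >&2
        return 2
    fi

    findings=$(
        # Anything not owned by the expected user and group.
        find "$root" \( ! -user "$owner" -o ! -group "$group" \) \
            -exec printf 'OWNER %s\n' {} +
        # World-writable entries (the 666 / 777 case); symlinks are skipped.
        find "$root" ! -type l -perm -0002 \
            -exec printf 'WORLD_WRITABLE %s\n' {} +
        # Directories that are neither 755 nor 2755 (setgid is accepted).
        find "$root" -type d ! -perm 0755 ! -perm 2755 \
            -exec printf 'DIR_MODE %s\n' {} +
        # Regular files that are not 644.
        find "$root" -type f ! -perm 0644 \
            -exec printf 'FILE_MODE %s\n' {} +
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage (path taken from the getfacl example above):
#   audit_webroot /home/nginx/domains/demodomain.com/public
```

A path can appear under more than one label: a 777 upload directory is reported both as WORLD_WRITABLE and as DIR_MODE.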
  6. RoldanLT

    This should be enough to fix all files/folder permissions:
     
  7. Sunka

    Just in case, for all XenForo files and folders that would be OK too?
     
  8. RoldanLT

    Yes of course (y).
     
  9. RoldanLT

    FYI: There's no need for us to use chmod 777.
     
  10. eva2000

    that works :)
     
  11. KeVo

    Do you change the /data and /internal_data directories back to 755 after installing a fresh XenForo board?
     
  12. RoldanLT

    Even on installation I always use 755 for all those directories.
     
  13. KeVo

    How do you get the forum to install? Doesn't it require 0777 permission prior to installation?
     
  14. RoldanLT

    As long as it's owned by nginx:nginx, XenForo will install fine.
    No need for 777.
     
  15. KeVo

    I never knew that! I've always done the chown -R nginx command AFTER install. Learned something new today. :D
     
  16. Jota

    Hey mates, I can verify that this fixed my issues and the suggested script worked like a charm!

    Thanks @RoldanLT ! ;)
     