File Permissions

mightymango

We've just had to move our sites to a different host and are having problems with files such as conf/settings.php not being 'writeable'.

On our old server these files had their permissions set to 0644 but now Vanilla falls over unless these files are set to 0666.

• Does anyone know if setting a file permission to 0666 presents a security issue?
• Anyone have any idea why the new server might not allow php to write to files whose permissions are set to 0644?

Don't really want to have to trawl through all the Vanilla files and extension to find which files need to be 'writeable' and change them to 0666.

Hope this makes sense to someone!

mattucf

On the old server, the vanilla files must have been owned by the user id that the web server runs under. A mode of 0644 means that only the owner of the file can modify it.

mightymango

Thanks mattucf.

Just trying to sort this out with the tech people on our host server. Is there an issue with files being set to 0666?

This is an area that I'dont know a lot about
Do I need to ask them to create a user for php files and give that user ownership of php files?

mattucf

I won't say that there's no risk with setting 666 on the files in conf/ (everybody on the system can edit them, after all). But if there are nightly backups on that machine, don't sweat it too much.

Grahack

Your 'tech' fellows must know what is the user the webserver runs under. Could be www-data for example. Then try to set chmod back to 644 after a
chown www-data:www-data /path/to/conf/settings.php