I recently saw that the default permission of folders in /media/storage is 777. I changed all folder permissions to 755; however, if a user adds a new product with an image, the new folder has permission 777.
Is there a config file to change this value?
Actually, the /var/ and /media/ folders are recommended to go with 777 permissions, otherwise your users won’t be able to browse the store. As to other folders, you did well to change the permissions to 755, it is safer. (this post would prove it)
You should also make sure your files have permissions set to 644.
Maybe you can try this method for setting up your file permissions:
1. First, connect your FTP client to your web server.
2. Locate the file whose mode you want to change (i.e., CHMOD).
3. Now right-click the file on your web server and select the file permissions option to open the file attributes for the file.
4. In the file attributes, enter the permission number specified by the plugin or theme developer (it may be 644 or 755) in the numeric value text field.
5. Finally, save the file and the new permission is assigned to the file.
I bumped into this page that also explains how to set up users and groups correctly:
http://www.sonassi.com/knowledge-base/stop-magento-permissions-errors-permanently/
> Actually, the /var/ and /media/ folders are recommended to go with 777 permissions, otherwise your users won’t be able to browse the store.
Magento does NOT recommend 777 permissions on any folders on the server. If users can’t browse the store with 750 permissions on /var and /media, then either the group membership for your web server user or the ownership of the files/folders has not been set appropriately.
> Actually, the /var/ and /media/ folders are recommended to go with 777 permissions, otherwise your users won’t be able to browse the store. As to other folders, you did well to change the permissions to 755, it is safer. (this post would prove it)
> You should also make sure your files have permissions set to 644.
I agree with you. I always prefer 644 mode because of file permission security.
Create a group which will own /www/… and add the Apache user www:data to it. Or do I just use a user without a group? I haven't understood why using a user within a group is more secure.
Then create user nr 2 that will own /media/…
Restrict both with rssh. Allow user 2 sftp. What do I write in the rssh config to allow sftp for user nr 2 only?
Set user nr 1 to /www and user nr 2 to /media. What's the best way to do it with rssh?
If rssh mask 022 is used, new files created will be readable but not executable, if I understood correctly. Which is fine?
Can using 750 and 640 pose any issues with 3rd party modules?
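
Added example, not part of any post in this thread: a shell sketch of the 750/640 scheme and the umask question discussed above, run against a constructed temporary tree rather than a real store. The function names are hypothetical, and it assumes file ownership and the web server user's group membership are already set correctly.

```shell
#!/bin/sh
# Added example: audit a tree for world-writable entries, tighten it to
# 750/640, and show what modes new files and directories get under a umask.

# Octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Count files and directories under $1 that any local user may write to.
count_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 | wc -l | tr -d ' '
}

# Directories 750, files 640. Assumes owner and group are already correct.
harden_tree() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# Print "<dir mode> <file mode>" for entries created under umask $1.
# The body runs in a subshell, so the caller's umask is not changed.
new_modes_with_umask() (
    umask "$1"
    d=$(mktemp -d)
    mkdir "$d/dir"
    : > "$d/file"
    echo "$(mode_of "$d/dir") $(mode_of "$d/file")"
    rm -rf "$d"
)

# Constructed stand-in for a media/ tree left at 777.
demo=$(mktemp -d)
mkdir -p "$demo/catalog/product/a"
: > "$demo/catalog/product/a/img.jpg"
chmod -R 777 "$demo"

echo "world-writable before: $(count_world_writable "$demo")"
harden_tree "$demo"
echo "world-writable after:  $(count_world_writable "$demo")"
echo "umask 022 -> $(new_modes_with_umask 022)"
echo "umask 027 -> $(new_modes_with_umask 027)"
rm -rf "$demo"
```

A umask only masks the mode a process requests at creation time; if the application later calls chmod with an explicit mode, the umask has no effect on that call.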