Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Magento permissions
 
fanis
Member
 
Avatar
Total Posts:  72
Joined:  2009-11-24
 

Hi all,

I have read many articles on this. I am just posting this thread in order to make sure everything i understand is correct since i am quite worried.

What are the permissions needed to be set to a magento website? I have created a website and its now complete. Howver i noticed from the url path i could access folders and files. This is something very bad rasberry So i realized i need to set permissions to all directories and files to prevent this.

I read somewhere that all folders need to be set to 750 and all files need to be set to 640. Except from the following:

770 /your/magento/app/etc
770 /your/magento/var
770 /your/magento/media
770 /your/magento/media/downloadable
770 /your/magento/media/import

If i go and set the permissions to my magento website as per above...will i be able to use magento connect to install any possible modules or updates? If no i will have to set everything to 777 install the module and then return them back to the above mentioned?

Can someone confirm all said and perhaps comment if something is not correct?

Thank you in advance

 
Magento Community Magento Community
Magento Community
Magento Community
 
fanis
Member
 
Avatar
Total Posts:  72
Joined:  2009-11-24
 

Basically my problem right now is that fon my /skin and /media folder evrything can be accessed through the url path. If for example i right click on an image in my website and display on a new window, go to the url path in the address field and delete the name of the image leaving it www.mywebsiteaddress.com/.../images/ i can browse through the directories

 
Magento Community Magento Community
Magento Community
Magento Community
 
ggchamp
Sr. Member
 
Total Posts:  153
Joined:  2009-04-30
 

Pretty big issue i have this same deal i cant install extensions because i dont want to 777 my public folders.

 
Magento Community Magento Community
Magento Community
Magento Community
 
WebhostUK LTD
Sr. Member
 
Avatar
Total Posts:  163
Joined:  2009-08-27
UK
 

Hello,

compile you php and to enable suphp on your server, using suphp you will require 755 folder folder and 644 for files.

this will make things much safer for you.

 
Magento Community Magento Community
Magento Community
Magento Community
 
ggchamp
Sr. Member
 
Total Posts:  153
Joined:  2009-04-30
 
WebhostUK LTD - 20 April 2010 06:22 PM

Hello,

compile you php and to enable suphp on your server, using suphp you will require 755 folder folder and 644 for files.

this will make things much safer for you.

Ok ill try that thanks for the reply

 
Magento Community Magento Community
Magento Community
Magento Community
 
ibasket
Jr. Member
 
Avatar
Total Posts:  26
Joined:  2008-06-06
London
 

Here’s what i do,

Download the Magento cleanup tool from here:
http://www.magentocommerce.com/wiki/groups/227/resetting_file_permissions

I have 2 versions of this file, one for setting permissions for security (as downloaded).
And one for setting all to 777 for loading features/magento connect.

The one for features i changed this line:

function AllDirChmod( $dir = “./”, $dirModes = 0755, $fileModes = 0644 ){

to

function AllDirChmod( $dir = “./”, $dirModes = 0777, $fileModes = 0777 ){

Now you have 2 versions. Use the modifyed (0777) vesion before you load features/magento connect.
After you’re done run the original version to restet your permissions to (Directories - 0755) and (php files - 0644).
After chmod the following to;

/media/ to 0777 and all internal folders, files and images
/var/ to 0777
/var/sessions/ to 0777 and empty
/var/cache/ 0777 and empty

Hope this helps.

William

 
Magento Community Magento Community
Magento Community
Magento Community
 
ggchamp
Sr. Member
 
Total Posts:  153
Joined:  2009-04-30
 
ibasket - 23 April 2010 12:34 AM

Here’s what i do,

Download the Magento cleanup tool from here:
http://www.magentocommerce.com/wiki/groups/227/resetting_file_permissions

I have 2 versions of this file, one for setting permissions for security (as downloaded).
And one for setting all to 777 for loading features/magento connect.

The one for features i changed this line:

function AllDirChmod( $dir = “./”, $dirModes = 0755, $fileModes = 0644 ){

to

function AllDirChmod( $dir = “./”, $dirModes = 0777, $fileModes = 0777 ){


Now you have 2 versions. Use the modifyed (0777) vesion before you load features/magento connect.
After you’re done run the original version to restet your permissions to (Directories - 0755) and (php files - 0644).
After chmod the following to;

/media/ to 0777 and all internal folders, files and images
/var/ to 0777
/var/sessions/ to 0777 and empty
/var/cache/ 0777 and empty

Hope this helps.

William

You saved me thanks bro.
I use this little wiki entry which is a god send it explains how to install extension via SSH much cleaner and safer its great!
http://www.magentocommerce.com/wiki/groups/227/installing_extensions_via_ssh

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top