www-data permissions on mod folder

Hello.

For some reasons I need to set read-write permissions for www-data on the mod folder - currently, local user.

I have plan to set this command:

chown www-data:www-data -R /var/www/mod

I have not plan to set 777 chmod.

Only 755 for folders and 644 for files.

Is it safe?

  • It shouldn't be necessary to change the read/write permissions for files or directories within the mod folder if they are already 755 for folders and 644 for files. That what you would already get under normal conditions when extracting the Elgg zip archive or plugins on your server. If the files and folders are NOT owned by the www-data user (the webserver) you would have to set read permissions in any case for files and read/access permissions for folders for "others", i.e. in this case 644 for files and 755 for folders.

    You should definitely not set write permissions (777) for the whole mod folder or files within (it might be necessary in some cases for a specific folder or files within one plugin folder but surely not for the whole mod folder).

    If you have trouble with read/access within the mod folder that make you believe you would have to change the permissions, could it be that SELinux is used on your server? In this case there could be additional permissions set (or it could be necessary to change them). You could try a "ll -Z". If you get an additional column showing only question marks (?) SELinux is probably not used. But if there is something different shown than question marks these files and folders are protected by SELinux and it would be necessary to set the permissions for any additional files and folders accordingly.

  • Thanks for reply.

    I'm not going to change 755 for folders and 644 for files.

    My question is 'Is it safe to change www-data on the mod folder or not'?

    My server is Ubuntu.

  • Ah, missed that you want to change the owner to the Apache user. I thought you wanted chmod the files.

    I think to be on the safe side when changing owner to www-data it would be best to change directory permissions to 555 and file permissions to 444. Then there's no write access enabled anymore.