XF 1.4 What are the default/correct Unix folder permissions?

[jeffwidman]

I was having a bunch of errors installing/updating some addons, so I did

chmod -R 0777

on the following folders:

1. data
2. internal_data
3. library
4. styles
5. js

That fixed the errors, but I'm not sure if I created any security issues by opening stuff up this much.

What are the correct/default Xenforo folder permissions for each of these folders?

 

[Paul B]

In general files and directories should be 0644 and 0755 respectively.

The /data and /internal_data directories should be:

• 0666/0777 if PHP runs as "nobody" (the web server user)
• 0644/0755 if it runs as "your" user (suPHP for example)

0644/0755 only works if PHP is running as the user that owns the file (generally with cpanel setups).

 

[jeffwidman]

Good catch--I forgot to check ownership.

I'm running Nginx + PHP-FPM through @eva2000 's excellent Centminmod. So PHP runs under user "nginx"

I changed all files/folders to be owned by root (I'm the only user on the VPS, so creating a special account for myself adds basically no security) and user group "nginx".

Then I set permissions to 0640/0750 respectively, then changed "data" and "internal_data" to 0660/0770 so that the "nginx" group can write to them.

Everything seems to be working fine, so I'm happy with it. Also more secure than doing 666/777.