I had problems installing MODx Revolution (« a cool, new PHP-based Content Management System). I tracked the source of these problems to 'permission' settings applied to certain files & folders within the /modx installation directory.
Every file and folder on a Linux server has an assigned permission setting. These settings control WHO can do WHAT (.. to/with a particular file or folder). The 'WHAT' aspect addresses the authorization to:
- read (4)
- write (2)
- execute (1)
.. or some combination thereof. For example » 6=4+2 = read + write, while 5=4+1 = read + execute, and 4 = read-only. The 'WHO' part is divided into the following categories:
- OWNER .. of the file/directory (me) Represented by the number listed FIRST.
- GROUP-member .. assigned permission to access the file/directory (set by me)
- THE WORLD (.. represented by number listed LAST)
The most-permissive of these settings is » 777 (4+2+1) which lets any-BODY do any-THING (.. known as 'world-writable'). In other words, it would let anybody (including a hacker) » read, write & execute my file(s). This is why most admins cringe at the idea of setting a permission to 777.
The first 7 is cool, cuz that lets ME (the file's 'owner') do whatever I want. The second 7 is also cool, cuz it lets the members of a GROUP (that I select) do certain things (such as read, write & execute files). It's that last 7 where the trouble lies. It lets anybody else do whatever they like. Not good for security.
While installing MODx, I discovered (thru trial-n-tribulation) that I needed to set certain directories (deemed 'writable') to 777 .. in order for the program to install. And I wasn't the only one experiencing this problem.
For me, sadly, this was a deal-breaker. I was excited about the new MODx Revolution (currently at beta5). It has some really cool features. But I was unwilling to operate with any files or folders set (permanently) to 777.
Before abandoning my quest however, (to explore MODx Revolution), I decided to see if I could find a solution.
While searching, I noticed some files & folders within the /modx directory that had an 'owner' listed as » 'nobody' .. something I'd never seen before. [ The 'owner' of all other files on my server is normally listed as 'rad.' ]
This mysterious Mr. 'nobody' (I learned) is the default Apache user. (Tho I hear it can sometimes be listed as 'apache'.)
In a practical sense, when your system is configured to run PHP as an Apache user (which is common .. also called the 'web server user') .. any files or folders CREATED by the PHP program/script will be assigned an owner of 'nobody'.
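An added example (not part of the original post): a short Python audit that decodes a numeric mode into the owner/group/world rights described above and lists every entry under a directory whose last digit includes write (2), along with its owner, so anything created by the web server user ('nobody') stands out. The function names and the directory argument are assumptions made for illustration.

```python
import os
import pwd
import stat
import sys

WHO = ("owner", "group", "world")             # first, middle, last digit
WHAT = ((4, "read"), (2, "write"), (1, "execute"))

def decode_mode(mode):
    """Split a numeric mode such as 0o754 into the rights each category holds."""
    rights = {}
    for i, who in enumerate(WHO):
        digit = (mode >> (6 - 3 * i)) & 0o7   # pick out one octal digit
        rights[who] = [name for bit, name in WHAT if digit & bit]
    return rights

def owner_name(uid):
    """Map a numeric uid to a login name; fall back to the number itself."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def world_writable(root):
    """Return sorted (path, octal mode, owner) for entries THE WORLD may write."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)               # do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                      # a symlink's own mode is not enforced
            mode = stat.S_IMODE(st.st_mode) & 0o777
            if mode & stat.S_IWOTH:           # write bit in the last digit
                findings.append((path, format(mode, "03o"), owner_name(st.st_uid)))
    return sorted(findings)

if __name__ == "__main__":
    # Directory to audit; defaults to the current directory.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, mode, owner in world_writable(root):
        print(f"{mode}  {owner:<10} {path}")
```

Run it against the install directory after setup finishes to see which paths were left at 777 (or 666) and who owns them.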