Introduce yourself here! In order to avoid spam, new users must first comment on the discussion in the 'Introductions' before they become 'full members'
File permission of the entry.txt
  • I just discovered that the file permission for the entry.txt in /fp-content/content/YEAR/MONTH
    -rwxrwxrwx is.

    Shouldn't it be -rwxr--r--

    to prevent "Hackers" from changing the content?
  • Hi, there are constants in defaults.php...
    Change them to 0755, that is -rwxr-xr-x.
    Executable permission (x) in directory is needed to allow other users/groups (such as webservers) to list the content... However if you are sure you use just one user or just an user and a group you could change to 0700 or 0750...
  • I found in the defaults.php the fo0llowing:

        define('FILE_PERMISSIONS', 0777);
        define('DIR_PERMISSIONS', 0777);

    and

    // all writable directories go here.
        define('FP_CONTENT', 'fp-content/'); //must be chmodded to 0777

    I would like to change fp-content/content to 0755 but how can I do this?

    If I change
    define('FILE_PERMISSIONS', 0777);

    to
    define('FILE_PERMISSIONS', 0755); it applies to all files, not only the fp-content/content ones, right?
  • Wait... Do you want file or directory?
    For directory it's better 0755 or 0775, for files 0644 or 0664.
    After you have done it you have to restore permissions from the administration panel
  • For files. But doesn't it aplly for all files not only the ones in fp-content/content?
  • Sorry, I didn't understand the querstion.

    Short answer: yes

    Long answer:
    Theoretically the webserver user/group should be able to access in write mode only fp-content... All other directories user/group should be yours and you should set chmod like 0755 for dirs and 0644 for files. Fp-content should be yours too but have permissions 0777 to allow webserver to write in.

    So the answer is: these constants applies to all files and directories in fp-content, not just fp-content/content but neither to the root of your FP installation.
    The restore chmod feature applies to fp-content only, too.

    Constants however apply on all Flatpress I/O functions (so io_write_file, fs_makedir...) when FP can access these files/directories as owner, because otherwise it couldn't change permissions.
    So if you change a file outside fp-content and FP is the owner, it will have the permission you set on FILE_PERMISSIONS, otherwise its chmod won't be modified.

    However the theoretical scenario isn't widespread: when you publish your files in your webspace usually you just use one user/group.
    This permission division is more common when you have a SSH access or if you are developing the site in a Linux/Unix box...
Start a New Discussion

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion