Just a quick question regarding user ownership of:
/cache
/store
/files
/images/avatars/upload
I usually set things up so www-data is the group owner, not the user owner. This simplifies some things for me.
I also normally set permissions to 750 (or 770) for directories that www-data needs to access (or write to)
But my 3.3.x install complained and refused to proceed until I changed the user owner of the above locations to www-data (Apache2 username)
I looked into this and it seems that only the user owner can perform specific filesystem-oriented operations. It this the reason why?
I am also wondering why permissions oriented documentation I've seen advises 777 permissions - surely the public owner can be set to 0 at least?
I have admired phpBB for decades, and I am finally in a position to put it into a new website.
I just want to keep the attack surface as small as possible, but not get silly about it.
I am curious as to why www.-data needs user ownership of only these directories and no others.
I also wrote a little bash script that sets the above permissions for these directories.
, if anyone wants that functionality.
Graham Leach
/cache
/store
/files
/images/avatars/upload
I usually set things up so www-data is the group owner, not the user owner. This simplifies some things for me.
I also normally set permissions to 750 (or 770) for directories that www-data needs to access (or write to)
But my 3.3.x install complained and refused to proceed until I changed the user owner of the above locations to www-data (Apache2 username)
I looked into this and it seems that only the user owner can perform specific filesystem-oriented operations. It this the reason why?
I am also wondering why permissions oriented documentation I've seen advises 777 permissions - surely the public owner can be set to 0 at least?
I have admired phpBB for decades, and I am finally in a position to put it into a new website.
I just want to keep the attack surface as small as possible, but not get silly about it.
I am curious as to why www.-data needs user ownership of only these directories and no others.
I also wrote a little bash script that sets the above permissions for these directories.
, if anyone wants that functionality.
Graham Leach
Statistics: Posted by GrahamLeach — Sat May 03, 2025 2:30 pm