I need help for recommended privileges on my dedicated server.
My dedicated server is installed with Debian and on the official documentation of Magento it's recommended to follow the following instructions :
Dedicated Magento server only. As a user with root privileges :
chown -R web-server-user-name .
Enter the following commands to set permissions:
find . -type f -exec chmod 400 {} \;
find . -type d -exec chmod 500 {} \;
find var/ -type f -exec chmod 600 {} \;
find media/ -type f -exec chmod 600 {} \;
find var/ -type d -exec chmod 700 {} \;
find media/ -type d -exec chmod 700 {} \;
chmod 700 includes
chmod 600 includes/config.php
On stackexchange posts, the main users use the following privileges:
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
find var/ -type d -exec chmod 777 {} \;
What is the most secure configuration?
How to secure the app folder and the local.xml?
How to secure the downloadable folder files?
And what are the privileges for run cron?
Best Answer
A rule of thumb is: Be as restrictive as possible while allowing as much as necessary.
This suggestion is the most restrictive:
But this setup only works if
crontab -u web-server-user -e
as root to set up the crontabFor that last reason, I'd consider the following setup more secure:
Full write access to owner, restrictive access to web server user
Now the
web-server-user-name
group has the same permissions as before, but additionally thessh-user-name
user has write access. other users still have zero permissions, and it is not necessary to deploy the files as root user.These are already secured against access from the web via
.htaccess
. On a file system level, they get the same protection as any other file (see above).Delete it. Seriously. Or read: Recommended method to protect /downloader?
Run the cron as web server user (see above)