
Giving Ownership/Rights properly on Ubuntu/Linux

I'm currently facing a lot of issues with giving rights/ownership on Zend Server. I always do a

chown user -R path/to/file

and

giving 777 to folders and files, then end up with lots of 777... with some not needing that 777. If there is a user for Zend Server, I hope I could just give it ownership of everything... so I don't have to 777 so much stuff.

So far giving rights/ownership is fixing and CREATING issues with Zend servers... which is why I'm here :(

I'm also having issues debugging: when an error occurs I'm not sure how to check what caused it. I do read forums with people doing a -debug behind their command. Sometimes I'm also not sure which file to give permission to. I realise my Zend server is a user itself, I believe...

Any advice or guide would be greatly appreciated.

I have these as users:

zend:x:106:112::/usr/local/zend/gui/lighttpd/:/bin/false
root:x:0:0:root:/root:/bin/bash

and many others. I think daemon and zend are related to Zend Server.

You should NEVER make a file executable (bit 0 set) that is not an executable shell script (CGI scripts such as PHP do NOT need execute permission); setting it to 777 is just plain lazy and dangerous from a security perspective.

I often run the following to correct permissions on a web folder:

chown username:groupname * -R
find -type d -exec chmod 755 {} \;
find -type f -exec chmod 644 {} \;

This will give all directories:

  • read permission by the owner, the group and anyone else
  • write permission by the owner only
  • execute permission, which allows entering them and listing their contents.

And it will give all files:

  • read permission by the owner, the group and anyone else.
  • write permission by the owner only.
  • no execute permissions at all.

If you can add the Apache/HTTP server user to the user's group (usermod -G apache -a username), you can tighten this even further to 750 and 640, which will prevent other users from being able to read the web files (this can be bypassed via the webserver though, depending on the server configuration).

Just a note when giving permission for web server.

Permissions are simple. You just have to remember there is read, write and execute permission in *nix. You won't need the execute permission on any of the script files, but all folders must have execute permission. That leaves you with the read and write permissions. You will need read permission for all the files and folders. You will need write permission only for the folders and files which need to be changed by the web server. Basically you will need read, write and execute permissions for the temp folder and, if you are using file upload, the folder where you store the files. You may need to have write permission only on files which need to be changed by the web server (for simple sites these may not be there).
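Added example, not part of either answer above: a shell sketch that audits a web root against the 755/644 scheme from the first answer, applies it, and then re-opens only the directories the web server must write to, as the second answer describes. The function names, the sample tree, the `uploads` directory and the choice of 775 (which assumes the web server user is in the owning group) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original answers). Paths and the "uploads"
# directory are constructed sample data; function names are hypothetical.

# Print entries that break the 755/644 policy: anything world-writable, and
# regular files with any execute bit. Symlinks are skipped because their own
# mode bits always read as 777 on Linux and are not used for access checks.
audit_webroot() {
    find "$1" ! -type l \( -perm -0002 -o \
        \( -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \) \) -print
}

# Apply 755 to directories and 644 to files under $1, then re-open only the
# directories named in the remaining arguments (relative to $1) for writing.
# Assumption: the web server user is in the owning group, so 775 is enough.
normalise_webroot() {
    root=$1; shift
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    for d in "$@"; do
        chmod 775 "$root/$d"
    done
}

# Build a constructed web root in a temp dir with everything set to 777.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/public/css" "$t/uploads"
    echo '<?php echo "hi";' > "$t/public/index.php"
    echo 'body{}' > "$t/public/css/site.css"
    ln -s index.php "$t/public/home.php"
    chmod -R 777 "$t"
    echo "$t"
}

tree=$(make_sample_tree)
echo "violations before: $(audit_webroot "$tree" | wc -l)"
normalise_webroot "$tree" uploads
echo "violations after:  $(audit_webroot "$tree" | wc -l)"
rm -rf "$tree"
```

Running `audit_webroot` on its own before changing anything shows which entries the 777 habit has touched; ownership (`chown`) is left out here because it needs root.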
