Task: prevent access to user files on the server from being read by other users. It can be useful if there are several users on the server, the first one has been hacked and on its behalf they are trying to view directories of other users.
If you need to change permissions for existing files with chmod:
find / catalog -type f -print | xargs chmod 640
As a result, the owner of the files will be able to edit and read the files. Users who belong to the owner’s group can only be read; outsiders will not have any rights at all.
We will do the same with directories; at the same time, we will set the right to execute for users of the group, and for the owner to have full access:
find / catalog -type d -print | xargs chmod 750
And for newly created files and folders we will install the same rights. To do this, edit the default umask value. Create a .bashrc file and a .profile file in the user's root folder (or edit an existing one), write the line in it:
umask 027
PS You may also need to add the user on whose behalf the web server is running to the user’s group - the owner of the files. For example, adduser www-data somegroup .
(No ratings yet) 
Loading...