How to secure folder with chmod.
December 10, 2009 1:32 PM Subscribe
How do you secure a folder via ftp so that no one can see or access it with chmod?
I run a discussion board. I would like to backup my database occasionally to a folder on my web server. I want the folder to be secure so that no one can access it. I need the folder to be writable so that I can place the .sql file in there for safe keeping.
I use Filezilla and I know how to change the folder attributes, I just don't understand what it all means.
Thanks for the help!
I run a discussion board. I would like to backup my database occasionally to a folder on my web server. I want the folder to be secure so that no one can access it. I need the folder to be writable so that I can place the .sql file in there for safe keeping.
I use Filezilla and I know how to change the folder attributes, I just don't understand what it all means.
Thanks for the help!
Best answer: Oh, and if it uses the octal numbering convention, the equivalent permissions would be to set it to 700, which means you have full access, and anyone else has no access.
This link does a good job of describing the correspondence between the two methods: http://www.analysisandsolutions.com/code/chmod.htm
posted by chrisamiller at 1:46 PM on December 10, 2009
This link does a good job of describing the correspondence between the two methods: http://www.analysisandsolutions.com/code/chmod.htm
posted by chrisamiller at 1:46 PM on December 10, 2009
The FTP server writes the files as a particular "user". You have to be the only person who can take on the role of that user. (The admin of the machine can always override that, note.)
If that is true, then you can set the permissions to be "700" on the container of the files (the directory). That makes the contents, the references ("filenames") to the data accessible only by that user. (The first octet is all of read+write+access (4+2+1=7) for the owning user. Then none of those for the owning group or anyone-at-all. 700.
Beware that you said "no one can access it". Your user account still can, and that's not the same as "no one." There is no good way to make it write-only for your account.
posted by cmiller at 1:50 PM on December 10, 2009
If that is true, then you can set the permissions to be "700" on the container of the files (the directory). That makes the contents, the references ("filenames") to the data accessible only by that user. (The first octet is all of read+write+access (4+2+1=7) for the owning user. Then none of those for the owning group or anyone-at-all. 700.
Beware that you said "no one can access it". Your user account still can, and that's not the same as "no one." There is no good way to make it write-only for your account.
posted by cmiller at 1:50 PM on December 10, 2009
If you are the owner of your backup folder, and your web server process is running as some other user, one way to do it is this:
If, after that, you find out you can't write to the folder any more, do this:
You might want to provide us with some more details, as your question is a little suspicious. Are your backup files somehow visible via the web server with your current setup? That's not such a good idea. Security is all about multiple lines of defense and avoiding unnecessary exposure, you should not put your data out in public and then rely on file permissions to protect it.
posted by Dr Dracator at 1:51 PM on December 10, 2009
chmod go-rwx $BACKUP_FOLDERIf, after that, you find out you can't write to the folder any more, do this:
chmod u+w $BACKUP_FOLDERYou might want to provide us with some more details, as your question is a little suspicious. Are your backup files somehow visible via the web server with your current setup? That's not such a good idea. Security is all about multiple lines of defense and avoiding unnecessary exposure, you should not put your data out in public and then rely on file permissions to protect it.
posted by Dr Dracator at 1:51 PM on December 10, 2009
Response by poster: I didn't think I was being suspicious at all, but I will try and provide a bit more information.
I use vbulletin to run a community forum. The server, database etc. is hosted at 1and1. I simply want to use the built in backup function in the vbulletin admin control panel to backup my forum. vbulletin backs up everything into a single .sql file.
I simply want to place that file into a folder that is not visible nor accessible to anyone except me.
I use Filezilla to do my ftp and I can change the file or folder attributes within that program. I'm just a dolt when it comes to all of those permissions settings.
Perhaps there is no such thing as a secure folder on the intertubes. Maybe I'll just download the file to save it locally.
posted by Jackie_Treehorn at 2:12 PM on December 10, 2009
I use vbulletin to run a community forum. The server, database etc. is hosted at 1and1. I simply want to use the built in backup function in the vbulletin admin control panel to backup my forum. vbulletin backs up everything into a single .sql file.
I simply want to place that file into a folder that is not visible nor accessible to anyone except me.
I use Filezilla to do my ftp and I can change the file or folder attributes within that program. I'm just a dolt when it comes to all of those permissions settings.
Perhaps there is no such thing as a secure folder on the intertubes. Maybe I'll just download the file to save it locally.
posted by Jackie_Treehorn at 2:12 PM on December 10, 2009
I didn't think I was being suspicious at all, but I will try and provide a bit more information.
I meant suspicious in the sense that I suspect you're doing something wrong (i.e. insecure): I was referring moslty to what odinsdream is talking about, you should do what he says.
But appart from that, saving a local copy of the backup now and then is an excellent idea. If your hosting provider's machine fails, it might take your backups along with it: Keeping the forum db and its backups on different machines improves your chances of surviving a catastrophe in either.
posted by Dr Dracator at 9:38 PM on December 10, 2009
I meant suspicious in the sense that I suspect you're doing something wrong (i.e. insecure): I was referring moslty to what odinsdream is talking about, you should do what he says.
But appart from that, saving a local copy of the backup now and then is an excellent idea. If your hosting provider's machine fails, it might take your backups along with it: Keeping the forum db and its backups on different machines improves your chances of surviving a catastrophe in either.
posted by Dr Dracator at 9:38 PM on December 10, 2009
This thread is closed to new comments.
drwxrwxrwx
- d means that it's a directory
- each set of rwx stands for read, write, and execute
- the three groups of rwx are for the user (the person who owns the folder), the group, and all others, respectively.
Assuming that you own the folder, you'll want to issue the command "chmod go-rwx" to remove read, write and execute priveleges from anyone who isn't you.
posted by chrisamiller at 1:43 PM on December 10, 2009