[TYPO3-dev] TYPO3 and default filesystem rights

[Philipp Gampe]

Hi Robert Wildling,

Robert Wildling wrote:

> Ok, then it's 775, but is there a reason, why TYPO3 is not already
> configured that way?
Because even that is more then needed. Actually the webserver is the one 
that is important. On usual setups, the webserver runs on some kind of 
webserver group (www-data) and the user is the user of the FTP account.


Then you need to change the group for all files and folders to the webserver 
group.

The following folders need write permission (77?):
fileadmin/
typo3conf/
typo3temp/
uploads/

The other folders only need read and execute permissions (75?):
t3lib/
typo3/

Note the question mark. If you have a common setup, you can even set the 
last bit to 0 and it still works (770 and 770). Otherwise use 775 and 755 
there.

Actually can can even set fileadmin/ and uploads to read/write only (760).

To summarize:
You have three bytes: owner, group and world. For each byte you can set it 
to:
none = 0
read = 4
read + execute = 5
read + write = 6
read + write + execute = 7

In general you should never allow world to write. In most case you do not 
even want world to read.

If you set your setup to 777, then everybody on your server can read and 
write to any of your files, including configuration files.


More advanced setups may fine tune the permissions even more (e.g. 
typo3conf/localconf.php vs typo3conf/ext/).

Best regards
-- 
Philipp Gampe – PGP-Key 0AD96065 – TYPO3 UG Bonn/Köln
Documentation – linkvalidator
TYPO3 .... inspiring people to share!