Website folder CHMOD permission changes

[Maljonic]

I have a few websites witrh one particular host that have various CMS installed, Joomla, Coppermine and similar, and they all had image folders with permissions automatically set, on installation, to 755.

Now about two days ago it was suddenly impossible to upload images to these folders and I can only get them to work by changing the permissions to 777. I've asked my host why this is and they say they haven't changed anything, but something MUST have changed because it was working fine for months and months. The same scripts on a different host's servers have their folders set to 755 like this one used to and they still work.

So, does anyone have any ideas what could cause this? I thought they might have upgraded the server or something, which somehow changed the way file permissions work, but they say they have changed nothing that could affect files in that way.

 

[wyrd_fish]

my guess would be that they've changed the user PHP runs as, as it works as 777

ask them

 

[Maljonic]

I have asked them, but I would have thought they would mention that. I've been asking them stuff all weekend.

If they have done this what would it mean? I wouldn't really want folder permissions set to 777, it's a bit of a security risk isn't it?

 

[wyrd_fish]

what permissions do the files have set on them?

and what owner / group do they have too, check both files uploaded before and after it went weird

 

[Maljonic]

All the files within the image folders have 644, both those uploaded before and those I upload now with the folders set to 777.

Owner read/write, group read

 

[GReaper]

They could've had suEXEC running before and now disabled it. It's impossible to tell without analysing the server itself.

Having a world writeable directory is the risk you have to take, it's just the way things work without suEXEC.

 

[Maljonic]

I'm beginning to lose confidence in them a bit to be honest. They should know all this stuff as a web host surely? They've been saying they've changed nothing but also say they can't offer any explantion as to why I can no longer upload images to folders with permissions set to 755. It's clearly not something I can have any control over, is it? So that only leaves them.

 

[babs]

As mentioned above, it may be ownership issues. If I upload via ftp the files are owned by my username, if a web script (coppermine, drupal, whatever) does the uploading then I cannot alter/delete those files via ftp.

The only ways I found to get around it were either using SSH and changing ownerships manually, or uploading a file management script such as phpexplorer, which essentially does the same job as an ftp client, but acts as the 'www' user.

Next time you speak to them, ask them to change ownership on all of your folders to whatever it should be, it could be as wyrd_fish mentioned that they've changed a username at the backend.

 

[Maljonic]

Well after flat denying they'd changed anything for three days and telling me there was nothing wrong, they sent me an email to say they fixed the problem. It had something to do with suEXEC, as GReaper mentioned, only they had installed it and caused the error, and fixed it by replacing it with whatever they had before.

 

[GReaper]

It's quite hard to balance security and performance on a web server. There are various options in setting it up.


CGI (with suEXEC): Reasonably secure as scripts are run as a different user. Not that great for performance as PHP has to be invoked with every request to a PHP script. This really is terrible for performance, loading up the PHP interpreter from scratch every time.

mod_php: Good for performance as PHP is loaded into Apache with the first PHP request, so it's available for use after. Not great for multiple users on the same machine as you need world read/write on certain files. Good for flexibility, you can change PHP settings in .htaccess files.

FastCGI (mod_fcgid): This can balance the two (can use with suEXEC for security) and offers good performance. However similar to CGI as you can't use PHP settings in .htaccess.


I wouldn't be too harsh on them.

 

[Maljonic]

Well that's pretty much all gibberish to me having never owned and run my own server before. This is what they said though:

"it seems that phpsuxec was not working correctly so we reinstalled suphp"

There is another problem now though, since they "fixed" it I get Internal Server Errors whenever I install a script using Fantastico. The fun never ends.

 

[Chilly]

all these cms and control panels. too complicated for me, I just admin my servers with cli and webmin.