Managing file/folder permissions and ownership

How to Manage Files & Folders Ownership and Permissions

The Unix files access is controlled. There are three types of access (permissions):

read
write
execute
Each file belongs to a specific user and group (ownership).

Access to the files is controlled by user, group, and what is called other/everyone permission bits and is usually set using a numerical value.

For example, 644 as permission bit will result in:

Owner / User Group Other/ Everyone 644

Each number represents the access level and it can be from 0 to 7.

The access level, depending on the number is as follows:

0 – no access to the file whatsoever
1 – execute permissions only
2 – write permissions only
3 – write and execute permissions
4 – read permissions only
5 – read and execute permissions
6 – read and write permissions
7 – read, write and execute permissions (full permissions)
Thus the above 644 permissions example will look like this:

Owner / User – Read and Write Group – Read and Write Other/ Everyone – Read only

To allow a script to be executed and read by everyone but the only one who can write in it is your user, you would need to set 755 as permissions:

Owner / UserGroupOther/ Everyone
7 – Full permissions
5 – read and execute
5 – read and execute
Changing the permissions to 700 will make the file visible only for your username and no one else and setting it to 444 will allow only the file creator to modify it.

The command you need to issue to actually change the permissions is called ‘chmod’ and it generally looks like this:

chmod 755 configuration.php
The above example changes the permissions of configuration.php file and sets them to 755.

You can recursively change the permissions of all folders and files using the recursive argument:

chmod -R 755 *This will modify the permissions of all files in the current folder and
set them to 755.
You might wonder what the above user/group values are. These two settings are the actual ownership flags for a file or a folder.

Each file has a primary user that owns it and a group assigned to it. To change those values, a special command exists — ‘chown’.

Its syntax is very easy:

chown user: group file

For example:

Chown user:

pamirwebhost configuration.php

The above line will set the owner of the file to ‘user’ and the group to ‘pamirwebhost’.

Changing ownership recursively is also permitted and the flag (naturally) is -R: chown -R user: pamirwebhost *

Finding your php.ini

o find your php.ini file all you need to do is enter the following command into your SSH Terminal.

php -i | grep php.ini

It will show you the directory copy and paste the directory, mainly the url (/usr/local/lib/) as bellow:

root@hostname [~]# php -i | grep php.ini

Configuration File (php.ini) Path => /usr/local/lib

Loaded Configuration File => /usr/local/lib/php.ini

Block IP ranges on CSF?

OK, so you wish to block a IP range from your server using cPanel/WHM.

We’ve always recommended CSF for the firewall on your VPS running cPanel and to do this on CSF go to the ConfigServer Security&Firewall then do the following:

If the IP was: 12.345.678.90

Quick Deny Red block type in:

To deny IP Range: 12.345.678.xxx use: 12.345.678.0/16

To deny IP Range: 12.345.xxx.xxx use: 12.345.0.0/16

To deny IP Range: 12.xxx.xxx.xxx use: 12.0.0.0/16

/dev/shm is not mounted with the noexec,nosuid?

Getting the error in ConfigServer Firewall?

/dev/shm is not mounted with the noexec,nosuid options (currently: none). You should modify the mountpoint in /etc/fstab for /dev/shm with those options and remount.

Simply follow the following:

Use the command: nano /etc/fstab

Replace this line: tmpfs /dev/shm tmpfs defaults 0 0

With this one: tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0

Then Remount: mount -o remount /dev/shm

If you need support just contact our team who will be happy to help.