Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

File / Folder Permissions: Best Practice / Correct Usage


Go to End


1150 Views

Avatar
CHD

Community Member, 219 Posts

2 September 2011 at 11:03pm

Morning all,

I've always just left my SilverStripe installations with the default file/folder permissions on my server, but lately I've been setting up individual sys_users / ftp_users for each domain, whilst updating the owners in Linux it seems to reset all the file permissions and the site throws up a server error. Easily fixed by updating all of the folder / File permissions.

however, it has raised the question for me again, what really is the most secure setup for after installation?
I always thought the assets folder had to be writeable by all, but i've just tried with public permissions set to 0 and the CMS can still edit all files in the assets folder fine.

I've looked around here and Google and not found any good answers in regards to this, so can anybody shed any light on it now?

I'm looking for the most secure setup, for all files and folders so that the site will run smoothly, CMS can update assets but I can be 100% confident that the site is secure, and nobody can access the _config.php file for example

thanks in advance for any help.