Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to set read-only file permissions in the Web server document root directory, with a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let Xiaobian take you to understand.

Q: how do I set read-only permissions for all files I store in the / var/www/html/ directory?

You can use the chmod command to set read-only permissions on all files on the Linux/Unix/macOS/OS X/*BSD operating system. This article describes how to set read-only file permissions on Linux/Unix 's web servers (such as Nginx, Lighttpd, Apache, etc.).

How to set a file to read-only mode

The syntax is:

# only for files # how to set the directory to read-only mode for chmod 0444 / var/www/html/*chmod 0444 / var/www/html/*.php

The syntax is:

# only for directories # chmod 0444 / var/www/html/chmod 0444 / path/to/your/dir/# * # if the user / user group of the web server is www-data The file owner is ftp-data user / user group # * # set directory all files to read-only chmod-R 0444 / var/www/html/# setting The file / directory is owned by ftp-datachown-R ftp-data:ftp-data / var/www/html/#. All directories and subdirectories have permissions of 0445 (so that users or user groups of the web server can read our files) find / var/www/html/-type d-print0 | xargs-0-I {} chmod 0445 "{}"

Find all files (including subdirectories) under all / var/www/html, and type:

# valid only for files # find / var/www/html-type f-iname "*"-print0 | xargs-I {}-0 chmod 0444 {}

However, you need to set read-only and execute permissions on the / var/www/html directory and its subdirectories so that the web server can access the root directory. Type:

# valid for directories only # find / var/www/html-type d-iname "*"-print0 | xargs-I {}-0 chmod 0544 {} be wary of write permissions

Note that write permissions on the / var/www/html/ directory allow anyone to delete files or add new files. That is, you may need to set a read-only permission to the / var/www/html/ directory itself.

# web root directory read-only # chmod 0555 / var/www/html

In some cases, depending on your setup requirements, you can change the owner and group of the file to set strict permissions.

# if the owner of the / var/www/html directory is an ordinary user, you can set the owner to: root:root or httpd:httpd (recommended) # chown-R root:root / var/www/html/ # make sure apache has / var/www/html/ # chown-R apache:apache / var/www/html/ about the NFS export directory

You can specify which directory should have read-only or read-write access in the / etc/exports file. This file defines various shares on the NFS server and their permissions. Such as:

# read-only access to anyone / var/www/html * (ro,sync) # to 192.168.1.10 (upload.example.com) client read-write access / var/www/html 192.168.1.10 (rw,sync) about Samba (CIFS) read-only shares for MS-Windows clients

To update the smb.conf as a read-only shared sales, as follows:

[sales] comment = Sales Datapath = / export/cifs/salesread only = Yesguest ok = Yes about the file system table (fstab)

You can configure some files to be mounted in read-only mode in the / etc/fstab file on Unix/Linux.

You need to have dedicated partitions and do not set other system partitions to read-only mode.

Set / srv/html to read-only mode in the / etc/fstab file as follows.

/ dev/sda6 / srv/html ext4 ro 1 1

You can use the mount command to remount the partition to read-only mode (using root users)

# mount-o remount,ro / dev/sda6 / srv/html

Or

# mount-o remount,ro / srv/html

The above command attempts to remount the mounted file system to / srv/html. This is a common way to change the file system mount flag, especially to make read-only files writable. This approach does not change the device or mount point. To make the file writable again, type:

# mount-o remount,rw / dev/sda6 / srv/html

Or

# mount-o remount,rw / srv/htmlLinux:chattr command

You can use the chattr command on the Linux file system to change the file properties to read-only, such as:

Chattr + I / path/to/file.phpchattr + I / var/www/html/ # find any file under / var/www/html and set it to read-only # find / var/www/html-iname "*"-print0 | xargs-I {}-0 chattr + I {}

The read-only attribute can be deleted by providing the-I option:

Chattr-I / path/to/file.php

FreeBSD, Mac OS X, and other BSD Unix users can use the chflags command:

# set read-only # # chflags schg / path/to/file.php # Delete read-only # # chflags noschg / path/to/file.php Thank you for reading this article carefully. I hope the article "how to set read-only file permissions on the document root of the Web server" shared by the editor will be helpful to you. At the same time, I hope you will support it and follow the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.