LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 05-08-2015, 12:15 PM   #1
dogpatch
Member
 
Registered: Nov 2005
Location: Central America
Distribution: Mepis, Android
Posts: 490
Blog Entries: 4

Rep: Reputation: 238Reputation: 238Reputation: 238
Files permissions altered on Linux (nginx) hosting service


I have 3 websites hosted on a Linux server running nginx (not Apache). Up until recently I was in control of the files permissions therein; I would set the files permissions via ftp and that was that.

I kept most of my files permissions as normal 644, but set certain binaries in cgi-bin to 750, php scripts and their backups to 640, and a few user-updatable files to 666 (although 644 would probably have been ok). A couple weeks ago, I noticed all files had been reset to 755 without asking my permission or even informing me. I submitted a support ticket, and spent 2 or 3 hours working with their tech support and using ftp to set the permissions back to what I wanted. That was fine for awhile, but now I see they've all been set to 755 again, apparently by some automatic cron process(??). Tech support will not answer me why this is happening.

My question is two-fold:

1. Any ideas why they might be doing this?
2. Might this present a security problem or difficulty for my visitors? Functionality seems to be ok, although I have not exhaustively tested all pages.
 
Old 05-08-2015, 12:24 PM   #2
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,797

Rep: Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222
Run "ls -lc --full-time" on one of the files to see exactly when the change occurred. Then, see if that correlates with something in the cron log.
 
Old 05-08-2015, 12:43 PM   #3
dogpatch
Member
 
Registered: Nov 2005
Location: Central America
Distribution: Mepis, Android
Posts: 490

Original Poster
Blog Entries: 4

Rep: Reputation: 238Reputation: 238Reputation: 238
I only have ftp access. The ftp command "ls -lc --full-time" routes the response to a local file named "--full-time". I can see the timestamps OK, that's not the problem. But on this server, changing a file's permissions does not affect the file's timestamp, including when I myself change the permissions via ftp with chmod. All timestamps correspond to the last time the file's actual contents were changed.

My real question is WHY are they doing this, and - does it matter? (And, if it does matter, what do I need to say to my hosting service to get them to stop doing this in the future?)
 
Old 05-11-2015, 12:17 PM   #4
dogpatch
Member
 
Registered: Nov 2005
Location: Central America
Distribution: Mepis, Android
Posts: 490

Original Poster
Blog Entries: 4

Rep: Reputation: 238Reputation: 238Reputation: 238
My hosting service tech support finally responded thus
Quote:
are you running wordpress on this account ?

If so we will when a major security issue arises auto upgrade your wordpress install to the secure version, in this process we will also reset the permissions on the account to the said 755 values.
without specifying exactly why they would set file permissions to 755 (to the entire site!) when automatically upgrading wordpress.

Tech support has also assured me that
Quote:
Also please note that 755 is *not* insecure, we run our shared hosting using cloudlinux and cagefs, this restricts on the file system all clients to only being able to see their own home folder, which means that only you can see your files on the server (eg chmod 777 would still only allow your user full access to the said file / folder )
Does anyone here at LQ disagree with either of these two statements from my hosting service tech support? Any words of warning or caution for me?
 
Old 05-11-2015, 01:26 PM   #5
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by dogpatch View Post
A couple weeks ago, I noticed all files had been reset to 755 without asking my permission or even informing me.
and was Wordpress upgraded at that time?
There were 2 US-CERT Notices for it recently
4.2.1
4.2.2
so it sound plausible that the Providers statement "when a major security issue arises auto upgrade your wordpress install to the secure version" is exactly what happened, twice.

And since they reset perms during those situations, you got your files 'reset' to 755.
 
1 members found this post helpful.
Old 05-11-2015, 03:40 PM   #6
dogpatch
Member
 
Registered: Nov 2005
Location: Central America
Distribution: Mepis, Android
Posts: 490

Original Poster
Blog Entries: 4

Rep: Reputation: 238Reputation: 238Reputation: 238
Quote:
Originally Posted by Habitual View Post
and was Wordpress upgraded at that time?
There were 2 US-CERT Notices for it recently
4.2.1
4.2.2
so it sound plausible that the Providers statement "when a major security issue arises auto upgrade your wordpress install to the secure version" is exactly what happened, twice.

And since they reset perms during those situations, you got your files 'reset' to 755.
Yes, it seems reasonable to assume that that is exactly what happened. And do you agree with their contention that universal 755 permissions does not entail any security or functionality problem?

A couple years ago, these same tech support people were setting all my php scripts to 640 and advised me to do the same for any new php scripts, saying that the 'other' permission setting should be zero to protect against site mining or some such risk; i don't remember their exact words.
 
Old 05-11-2015, 03:59 PM   #7
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by dogpatch View Post
Yes, it seems reasonable to assume that that is exactly what happened. And do you agree with their contention that universal 755 permissions does not entail any security or functionality problem?

A couple years ago, these same tech support people were setting all my php scripts to 640 and advised me to do the same for any new php scripts, saying that the 'other' permission setting should be zero to protect against site mining or some such risk; i don't remember their exact words.
755 for Directories.
644 for Files.
These 2 settings are the recommended settings for forward-facing websites.
Reference:
http://codex.wordpress.org/Hardening_WordPress, specifically
http://codex.wordpress.org/Hardening...le_Permissions
 
Old 05-11-2015, 04:49 PM   #8
dogpatch
Member
 
Registered: Nov 2005
Location: Central America
Distribution: Mepis, Android
Posts: 490

Original Poster
Blog Entries: 4

Rep: Reputation: 238Reputation: 238Reputation: 238
Based upon what I've learned, and since my wordpress blog is almost entirely untrafficked by real humans, I think I'll do the following:

1. Get rid of wordpress.
2. Write a script to walk through the entire site and set permissions as they really should be.
3. Write a cron job or manually run a script periodically to check these settings and alert me if there is another automatic reset.

Will mark this thread as Solved.
 
Old 05-11-2015, 06:11 PM   #9
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by dogpatch View Post
Based upon what I've learned, and since my wordpress blog is almost entirely untrafficked by real humans, I think I'll do the following:

1. Get rid of wordpress.
2. Write a script to walk through the entire site and set permissions as they really should be.
3. Write a cron job or manually run a script periodically to check these settings and alert me if there is another automatic reset.

Will mark this thread as Solved.
If you're interested in hosting a Wordpress site entirely for your own benefit or usage, you should consider Docker containers.
My Third Docker Deploynment outlines the 4 Docker commands needed to start a Wordpress with MySQL environment with persistence.
Do you have a 64 Bit architecture installed? If you do, consider docker.
 
Old 05-12-2015, 07:41 PM   #10
dogpatch
Member
 
Registered: Nov 2005
Location: Central America
Distribution: Mepis, Android
Posts: 490

Original Poster
Blog Entries: 4

Rep: Reputation: 238Reputation: 238Reputation: 238
Quote:
Originally Posted by Habitual View Post
If you're interested in hosting a Wordpress site entirely for your own benefit or usage, you should consider Docker containers.
My Third Docker Deploynment outlines the 4 Docker commands needed to start a Wordpress with MySQL environment with persistence.
Do you have a 64 Bit architecture installed? If you do, consider docker.
Am a bit confused. I originally thought that by installing a wordpress blog and customizing certain scripts for my own purpose, that i was in fact acting as an independent developer, as opposed to, say, using a blogspot blog. I thought that i was in full control over when and if ever to upgrade the wordpress software, as well as in full control over customizing it.

The fact that my hosting service, without my authorization or without even notifying me, has automatically upgraded my wordpress at least twice - that has me wondering what advantage there was in having wordpress in the first place. And the further worry that wordpress installations have apparently become spam magnets. Add to that the almost non-exeistent traffic being generated, and I'm more inclined to just dump it. Perhaps save my posts and comments as static non-wordpress pages, as read-only archives of a once functional blog.

But tell me, is Docker some kind of alternative that would allow me to avoid the spam magnetism and the automatic upgrades, and restore to me full development control over my own website?

To answer your question: Im quite sure my hosting service runs 64-bit, but my own home computer is an older 32 bit machine.

Last edited by dogpatch; 05-12-2015 at 07:44 PM. Reason: add answer
 
  


Reply

Tags
files permisssions, hosting, nginx


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Best hosting service for Linux users. Lola Kews Linux - General 10 09-28-2013 05:47 AM
Dedicated Linux Hosting Service? backtous Linux - Enterprise 2 08-11-2010 11:11 AM
Dedicated Linux Hosting Service? backtous Linux - Hardware 1 08-11-2010 05:59 AM
Dedicated Linux Hosting Service? backtous Linux - Server 1 08-11-2010 05:59 AM
Gnome altered permissions in /dev Ovalteen Linux - Software 3 03-23-2005 06:38 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 02:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration