Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#1 2009-05-15 22:27:01
- andrew9
- New Member
- Registered: 2009-05-15
- Posts: 1
/files & /textpattern/tmp directory permissions
As a matter of security, I would like to set the permissions for /files and /textpattern/tmp directories as tightly as possible, but I’m a little unclear about how far I can go without breaking things. The documentation indicates that PHP needs write access to both directories, but it doesn’t say whether Apache (or anything else) needs access to them.
I am running Textpattern 4.0.8 on a shared host. Apache runs as nobody and PHP runs (via FastCGI) as me.
Are any files served to the web directly from either directory?
If not, does Apache (PERL, the shell, etc.) need read and/or write access to them for any other reason?
If not, is there any reason (e.g., hardcoded paths somewhere) not to move them outside public_html?
Thanks,
andrew9
Offline
Re: /files & /textpattern/tmp directory permissions
If your hosting allows you can definitely move the /files folder above the public_html directory because you can set the path to /files in “Preferences”.
Stuart
In a Time of Universal Deceit
Telling the Truth is Revolutionary.
Offline
#3 2009-05-19 07:36:26
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: /files & /textpattern/tmp directory permissions
…if you are using mod_rewrite and the “/file_download/” URLs. If you’re not, then the files directory needs to be publicly accessible.
As far as I can remember, the tmp directory does not need to be publicly accessible. It certainly wouldn’t harm anything to try moving it.
:)
Offline