1

Actually i'm aware of a "PHP Web Folder". There seems to be some potentials of incoming attacks. So that i want to make sure this whole directory is READ-ONLY (Only writable by ROOT).

Let's say the directory: /var/www/html/mywebsite/ (recursively)

Since it is a Web folder, there are users like "apache" and other respective users who owns the files/directories. So regardless of whatever user(s) are inside:

  • How do i make that directory only writable by root only? (Not even by Apache)

Thank you!

Improve this question
2
  • It would have been nice of you if you had first investigated directory permissions before coming to Stack Exchange, for obvious reasons. Commented Jul 27, 2015 at 12:49
  • I have the same question. I'm trying to tests my software so that it could not create a file in a specific directory. For that I removed all writing permissions for the directory (chmod 555 dir). To my surprise, the software creates a file in the directory. When I try to create a file manually, linux (correctly) prohibits me from doing this. Commented Aug 28, 2018 at 0:15

1 Answer 1

Reset to default
2

Not sure what you mean by "a directory and its users inside".

The root user can always write to any file, so to make a file or directory writable only to root you make it non-writable by user, group, and others.

Note that the webroot dir is supposed to be writable by the apache user, so what you're trying to do is to give it the incorrect permissions. Anyway, the command would be:

chmod -R ugo-w /var/www/html/mywebsite/
chown -R root /var/www/html/mywebsite/

(this also changes the ownership of the files so the owner does not reactivate writing permissions; thanks to @Fiximan for the suggestion).

This is how you do this. Now, it looks like you have a XY Problem. If you tell us why you want to do this, perhaps we'll be able to suggest a better solution.

Improve this answer
6
  • 1
    to make sure that the user does not reactivate writing permissions, the owner could be set to root in addition. One might double-check the group and group permissions not to run into any problem though. Commented Jul 27, 2015 at 8:52
  • Hi @dr01, thanks. And sorry for any confusions. I've slighted updated my question. And also, i want to prevent "apache" also. (Only root to be able to write) Thanks! Commented Jul 27, 2015 at 9:08
  • About your edited post: all subdirs should be owned by apache. Which are the names of the other users that own subdirs in the web root? It looks like there's something wrong in your config. Commented Jul 27, 2015 at 9:20
  • Not really something wrong. There are a few number of owners there because of different uploads via FTP. But the brief point is, i just want all the files/directories to be READONLY, and then writable by root only. (Can forget about who owns what. Just not to let them WRITE) Commented Jul 27, 2015 at 9:47
  • You have different users that upload files via FTP in the WWW directory? Seems not quite right to me. Anyway, I've edited my answer -- that should work for you. Commented Jul 27, 2015 at 10:46

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.