Hi there, Im a relative noob and this is my first post on Linode as most of the information I have needed to get going has been easy to find on these boards or within the Library, fantastic.

I find the world of permissions a little confusing so if somebody spell out what im trying to achieve in a non jargon way that would be a great help.

I have recently setup a a linode running on Ubuntu 10.04

I installed php5 and set up a virtual host and installed a php script that I wrote.

The script includes a lot of image manipulation and on my old dedicated server which was setup for me, I had the folders set to 755 and the images set to 644.

This worked fine and never give me any issues.

On my linode however im getting a lot of permission denied errors.

If I set everything to 777 it works but Im a bit wary of doing this.

Can anybody tell me in plain english how I can have my settings remaining at 755/644 ?

Thanks for reading

If the files and folders are owned by the same user who runs PHP (usually "www-data" in Ubuntu), the 755/644 permissions are OK. Since the ownership is the same, the first digit of the permissions is what matters. 7/6 means the files and folders are writable.

If the files and folders are owned by a different user, 755/644 will cause a "permission denied" error. Since the ownership is different, the last digit is what matters. 5/4 means the files and folders are readable but not writable. Changing the permissions to 777/666 would allow everyone to read and write, so this makes the errors go away.

Note that "everyone" doesn't mean literally everyone on Earth. It means every user account on the server, i.e. anyone who can log into the server, who has a website hosted on the server, or who can somehow manipulate one or more of the programs that are running on the server. (If the programs are vulnerable, this last category actually includes every competent hacker -- so this is still dangerous.)

You can fix this situation in one of two ways:

1. Change the ownership of your files and folders to "www-data". This is a quick fix, but it usually works just fine if you have only one site or if all of your sites are managed by yourself.

2. Make PHP run as the same user that owns the files and folders. This is more complicated, as it requires suexec/fastcgi/mpm-worker. This is technically the "right way" to do it, if you have several sites that are managed by untrusted parties. (There are tutorials out there, but it can be tricky. Lightweight web servers such as lighttpd and nginx can also be configured in this way.)

Thanks very much for this response. I will have a good read up on the points you have made. Once again, many thanks.