Out of curiosity, why is the execution bit needed?
Finally, we have a very simple web server, Red Hat Enterprise Linux, where Apache runs as user apache and group apache (apache:apache), running httpd (this is apache in this distribution). Is the suggested “chmod -R 775 files” the best to use, or could a more pared-back set of permissions be suggested if anyone has time? I thought I would ask rather than risk breaking anything for my users. Right now, everything is setup with apache:apache as the owner user and group for the files folder and 775, but I was curious if these could be tighted up some in this instance.
I am fairly new to Linux administration, so I welcome any help/guidance you might have! If not, no worries.
Thank you so much.
-Wublin
Directories in Linux/Unix systems use the “execute” bit to give permission to access things that are inside it. Without the “x” bit set, even if you have “r” on the directory you can’t read the files inside (or subdirectories, etc.)
I’m assuming in your setup that PHP (and therefore Omeka) also executes as the “apache” user, this is common but not always the case. In that situation you could pare the permissions down more if you wanted; particularly the third octal digit there for “others” you could take all the way down to zero if you wanted to block other users on the system from even reading the files (but all they have currently is read access, so if you don’t want or need to revoke that there’s no need to tighten that down). The second digit could be reduced also, but only affects users who are in the “apache” group but who are not the actual “apache” user.
This helps a lot, thank you so much! I really appreciate it. I was conflating the directory permissions and the file permissions. A much needed lesson.
If I may also ask here, in a similar vein, if I am moving files from another server to a new server and also have Item files that are 755, would it be suggested that I make all of the media files in /files/ 644? It seemed like the software uploads new files as 644, but I wanted to make sure I could just change all existing to 644. I ask because I have several inherited Omeka installations, with varying permissions on the media files underneath/files/… I wanted to make sure they are proper on the new server, rather than me mimicking what was on the old.
Thanks again for all your help… just when you get some time. But please let me know if I am mistaken on the above.
-Wublin
644 would be typical for the files. Omeka isn’t very picky about what the permissions of the files themselves are: it pretty much only needs the web server to be able to read them to serve them.