Check Apache Permissions

By | 2011/03/01

How can I check Apache permissions for world writeable files or directories?
You can use the find command to check for 777 (world writeable) directories and files.

This command searches for directories that are 777 in /var/www/:

sudo find /var/www/ -type d -perm -002

And this command searches for files that are 777 in /var/www/:

sudo find /var/www/ -type f -perm -002

Web server files or directories should never be 777. In general, directories should be 750 or 755. Files should be 644 or 640.

But WordPress / Drupal / etc doesn’t work if the upload directory is not 777!
Upload / file directories work just fine as 755. Just make sure the owner of the upload directory is apache (centos) or www-data (ubuntu/debian). Ex:

sudo chown www-data someupload_directory/

Ok, so now how do I fix directories or files that are 777?

Use the chmod command to set proper permissions. You may have to use sudo, depending on the location of the file or directory. Ex:

sudo chmod 755 directory/
sudo chmod 644 myfile.txt