Drupal and File Permissions

I have been using Drupal exclusively to build sites, but am having a difficult time understanding file permissions and what I need to set my Dreamhost settings to.

I don’t want anyone but me to have access to the server, but I do want users to be able to post to the site. So are the server file permission settings different than User Permissions on the site?

Is 444 the best way to do it for all sites? Do I need separate settings for each folder within my Drupal folders, like the Sites folder?

I really appreciate any help you can give. I have sent all my clients through Dreamhost because I have had such great experience with them.

btw - I have checked all my sites and the root folder has these permissions:
It looks like the files within there (changelog.txt, etc…) have:


Leave the file permissions alone. Postings to Drupal are stored in the database, not in the site directory, so the file permissions have no effect whatsoever. Everything you’re after is controlled by the permissions settings within the Drupal application.

Is that true? Then why is it such a talked-about topic in the current security forums on Drupal? The big guys are the ones saying to check file permissions - plus, I have never read that it’s a non-issue.
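
A read-only way to see which modes a Drupal tree actually has, as an added example that is not from any poster in this thread: the script lists files and directories writable by "other" and any settings.php with a write bit set. It assumes the stock Drupal layout (sites/<site>/settings.php, sites/<site>/files); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of file modes under a Drupal docroot.
# Assumption: stock Drupal layout (sites/<site>/settings.php, sites/<site>/files).

# Print one finding per line; changes nothing on disk.
audit_drupal_perms() {
    root=$1
    # Writable by "other": other accounts on the host may be able to modify these.
    find "$root" \( -type f -o -type d \) -perm -0002 | sed 's/^/WORLD-WRITABLE /'
    # settings.php holds the database credentials; report any write bit.
    for f in "$root"/sites/*/settings.php; do
        if [ -f "$f" ]; then
            hit=$(find "$f" \( -perm -0200 -o -perm -0020 -o -perm -0002 \))
            if [ -n "$hit" ]; then
                echo "SETTINGS-WRITABLE $f"
            fi
        fi
    done
    return 0
}

# Constructed sample tree (not a real site) so the audit has something to report.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/sites/default/files"
    : > "$d/index.php"
    : > "$d/CHANGELOG.txt"
    : > "$d/sites/default/settings.php"
    chmod 755 "$d/sites" "$d/sites/default"
    chmod 644 "$d/index.php" "$d/sites/default/settings.php"
    chmod 444 "$d/CHANGELOG.txt"
    chmod 777 "$d/sites/default/files"   # upload directory left wide open
    echo "$d"
}

# Demo run on the constructed tree.
tree=$(make_sample_tree)
audit_drupal_perms "$tree"
rm -rf "$tree"
```

To check a real site, call `audit_drupal_perms` with the path to its docroot instead of the sample tree.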