mirror of
https://github.com/LCTT/TranslateProject.git
synced 2024-12-29 21:41:00 +08:00
commit
8663d02c1b
@ -1,154 +0,0 @@
|
||||
translating by yizhuoyan
|
||||
|
||||
How To Set Readonly File Permissions On Linux / Unix Web Server DocumentRoot
|
||||
======
|
||||
|
||||
How do I set a read-only permission for all of my files stored in /var/www/html/ directory?
|
||||
|
||||
You can use the chmod command to set read-only permission for all files on a Linux / Unix / macOS / Apple OS X / *BSD operating systems. This page explains how to setup read only file permission on Linux or Unix web server such as Nginx, Lighttpd, Apache and more.
|
||||
|
||||
[![Proper read-only permissions for Linux/Unix Nginx/Apache web server's directory][1]][1]
|
||||
|
||||
### How to set files in read-only mode
|
||||
|
||||
|
||||
The syntax is:
|
||||
```
|
||||
### use only for files ##
|
||||
chmod 0444 /var/www/html/*
|
||||
chmod 0444 /var/www/html/*.php
|
||||
```
|
||||
|
||||
### How to to set directories in read-only mode
|
||||
|
||||
TO set directories in read-only mode, enter:
|
||||
```
|
||||
### use only for dirs ##
|
||||
chmod 0444 /var/www/html/
|
||||
chmod 0444 /path/to/your/dir/
|
||||
# ***************************************************************************
|
||||
# Say webserver user/group is www-data, and file-owned by ftp-data user/group
|
||||
# ***************************************************************************
|
||||
# All files/dirs are read-only
|
||||
chmod -R 0444 /var/www/html/
|
||||
# All files/dir owned by ftp-data
|
||||
chown -R ftp-data:ftp-data /var/www/html/
|
||||
# All directories and sub-dirs has 0445 permission (so that webserver user www-data can read our files)
|
||||
find /var/www/html/ -type d -print0 | xargs -0 -I {} chmod 0445 "{}"
|
||||
```
|
||||
To find all files (including sub-directories in /var/www/html) and set read-only permission, enter:
|
||||
```
|
||||
### works on files only ##
|
||||
find /var/www/html -type f -iname "*" -print0 | xargs -I {} -0 chmod 0444 {}
|
||||
```
|
||||
|
||||
However, you need to set set read-only and execute permission on /var/www/html and all sub-directories so that web server can enter into your DocumentRoot, enter:
|
||||
```
|
||||
### works on dirs only ##
|
||||
find /var/www/html -type d -iname "*" -print0 | xargs -I {} -0 chmod 0544 {}
|
||||
```
|
||||
|
||||
### A warning about write permission
|
||||
|
||||
Please note that write access on a directory /var/www/html/ allows anyone to remove or add new files. In other words, you may need to set a read-only permission for /var/www/html/ directory itself:
|
||||
```
|
||||
### read-only web-root but web server allowed to read files ##
|
||||
chmod 0555 /var/www/html
|
||||
```
|
||||
|
||||
In some cases you can change file owner and group to set tight permissions as per your setup:
|
||||
```
|
||||
### Say /var/www/html is owned by normal user, you can set it to root:root or httpd:httpd (recommended) ###
|
||||
chown -R root:root /var/www/html/
|
||||
|
||||
### Make sure apache user owns /var/www/html/ ##
|
||||
chown -R apache:apache /var/www/html/
|
||||
```
|
||||
|
||||
### A note about NFS exported directories
|
||||
|
||||
You can specify whether the directory should have [read-only or read/write permissions using /etc/exports][2] file. This file defines the various shares on the NFS server and their permissions. A few examples:
|
||||
```
|
||||
# Read-only access to anyone
|
||||
/var/www/html *(ro,sync)
|
||||
|
||||
# Read-write access to a client on 192.168.1.10 (upload.example.com)
|
||||
/var/www/html 192.168.1.10(rw,sync)
|
||||
```
|
||||
|
||||
### A note about read-only Samba (CIFS) share for MS-Windows clients
|
||||
|
||||
To share sales as read-only, update smb.conf as follows:
|
||||
```
|
||||
[sales]
|
||||
comment = Sales Data
|
||||
path = /export/cifs/sales
|
||||
read only = Yes
|
||||
guest ok = Yes
|
||||
```
|
||||
|
||||
### A note about file systems table
|
||||
|
||||
You can use the /etc/fstab file on Unix or Linux to configure to mount certain files in read-only mode. You need to have a dedicated partition. Do not set / or other system partitions in read-only mode. In this example /srv/html is set to read-only mode using /etc/fstab file:
|
||||
```
|
||||
/dev/sda6 /srv/html ext4 ro 1 1
|
||||
```
|
||||
|
||||
You can use the mount command to [remount partition in read-only mode][3] (run it as the root user):
|
||||
```
|
||||
# mount -o remount,ro /dev/sda6 /srv/html
|
||||
```
|
||||
OR
|
||||
```
|
||||
# mount -o remount,ro /srv/html
|
||||
```
|
||||
The above command will try to attempt to remount an already-mounted filesystem at /srv/html. This is commonly used to change the mount flags for a filesystem, especially to make a readonly filesystem writeable. It does not change device or mount point. To make file system writable again, enter:
|
||||
```
|
||||
# mount -o remount,rw /dev/sda6 /srv/html
|
||||
```
|
||||
OR
|
||||
```
|
||||
# mount -o remount,rw /srv/html
|
||||
```
|
||||
|
||||
### Linux: chattr Command
|
||||
|
||||
You can change file [attributes on a Linux file system to read-only][4] using the chattr command:
|
||||
```
|
||||
chattr +i /path/to/file.php
|
||||
chattr +i /var/www/html/
|
||||
|
||||
# find everything in /var/www/html and set to read-only #
|
||||
find /var/www/html -iname "*" -print0 | xargs -I {} -0 chattr +i {}
|
||||
```
|
||||
|
||||
To remove read-only attribute pass the -i option:
|
||||
```
|
||||
# chattr -i /path/to/file.php
|
||||
```
|
||||
FreeBSD, Mac OS X and other BSD unix user can use the [chflags command][5]:
|
||||
```
|
||||
### set read-only ##
|
||||
chflags schg /path/to/file.php
|
||||
|
||||
# remove read-only ##
|
||||
chflags noschg /path/to/file.php
|
||||
```
|
||||
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://www.cyberciti.biz/faq/howto-set-readonly-file-permission-in-linux-unix/
|
||||
|
||||
作者:[Vivek Gite][a]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:https://www.cyberciti.biz
|
||||
[1]:https://www.cyberciti.biz/media/new/faq/2012/04/linux-unix-set-read-only-file-system-permission-for-apache-nginx.jpg
|
||||
[2]:https://www.cyberciti.biz//www.cyberciti.biz/faq/centos-fedora-rhel-nfs-v4-configuration/
|
||||
[3]:https://www.cyberciti.biz/faq/howto-freebsd-remount-partition/
|
||||
[4]:https://www.cyberciti.biz/tips/linux-password-trick.html
|
||||
[5]:https://www.cyberciti.biz/tips/howto-write-protect-file-with-immutable-bit.html
|
@ -0,0 +1,167 @@
|
||||
|
||||
如何在Linux/Unix中的Web服务根文档目录(DocumentRoot)上设置只读文件权限
|
||||
======
|
||||
我是如何对存放在/var/www/html/目录中的所有我的文件设置只读权限的?
|
||||
|
||||
|
||||
你可以使用`chmod`命令对Linux / Unix / macOS / Apple OS X / *BSD操作系统上的所有文件来设置只读权限。这篇文章介绍如何在Linux/Unix的web服务器(如 Nginx, Lighttpd, Apache等)上来设置只读文件权限。
|
||||
[![Proper read-only permissions for Linux/Unix Nginx/Apache web server's directory][1]][1]
|
||||
|
||||
### 如何设置文件为只读模式
|
||||
|
||||
|
||||
语法为:
|
||||
|
||||
```
|
||||
### 仅针对文件 ##
|
||||
chmod 0444 /var/www/html/*
|
||||
chmod 0444 /var/www/html/*.php
|
||||
```
|
||||
|
||||
### 如何设置目录为只读模式
|
||||
|
||||
语法为:
|
||||
```
|
||||
### 仅针对目录##
|
||||
chmod 0444 /var/www/html/
|
||||
chmod 0444 /path/to/your/dir/
|
||||
# ***************************************************************************
|
||||
# Say webserver user/group is www-data, and file-owned by ftp-data user/group
|
||||
# 假如webserver用户/用户组是www-data ,文件拥有者是ftp-data用户/用户组
|
||||
# ***************************************************************************
|
||||
# 设置目录所有文件为只读
|
||||
chmod -R 0444 /var/www/html/
|
||||
#设置文件/目录拥有者为ftp-data
|
||||
chown -R ftp-data:ftp-data /var/www/html/
|
||||
# 所有目录和子目录的权限为0445 (这样webserver用户或用户组就可以读取我们的文件)
|
||||
find /var/www/html/ -type d -print0 | xargs -0 -I {} chmod 0445 "{}"
|
||||
```
|
||||
找到所有/var/www/html下的所有文件(包括子目录),键入:
|
||||
|
||||
```
|
||||
### 仅对文件有效##
|
||||
find /var/www/html -type f -iname "*" -print0 | xargs -I {} -0 chmod 0444 {}
|
||||
```
|
||||
然而,你需要在/var/www/html目录及其子目录上设置只读和执行权限,如此才能让web server能够访问根目录,键入:
|
||||
|
||||
```
|
||||
### 仅对目录有效 ##
|
||||
find /var/www/html -type d -iname "*" -print0 | xargs -I {} -0 chmod 0544 {}
|
||||
```
|
||||
|
||||
### 警惕写权限
|
||||
|
||||
|
||||
请注意在/var/www/html/目录上的写权限会允许任何人删除文件或添加新文件。也就是说,你可能需要设置一个只读权限给/var/www/html/目录本身。
|
||||
```
|
||||
### web根目录只读##
|
||||
chmod 0555 /var/www/html
|
||||
```
|
||||
在某些情况下,根据你的设置要求,你可以改变文件的属主和属组来设置严格的权限。
|
||||
```
|
||||
### 如果/var/www/html目录的拥有人是普通用户,你可以设置拥有人为: root:root 或 httpd:httpd (推荐) ###
|
||||
chown -R root:root /var/www/html/
|
||||
|
||||
### 确保apache拥有/var/www/html/ ##
|
||||
chown -R apache:apache /var/www/html/
|
||||
```
|
||||
|
||||
### 关于NFS导出目录
|
||||
|
||||
你可以在/etc/exports文件中指定哪个目录应该拥有[只读或者读写权限 ][2] . 这个文件定义各种各样的共享在NFS服务器和他们的权限。如:
|
||||
|
||||
```
|
||||
# 对任何人只读权限
|
||||
/var/www/html *(ro,sync)
|
||||
|
||||
# 对192.168.1.10(upload.example.com)客户端读写权限访问
|
||||
/var/www/html 192.168.1.10(rw,sync)
|
||||
```
|
||||
|
||||
|
||||
### 关于Samba (CIFS)只读共享对MS-Windows客户端
|
||||
|
||||
|
||||
共享sales为只读,更新smb.conf,如下:
|
||||
```
|
||||
[sales]
|
||||
comment = Sales Data
|
||||
path = /export/cifs/sales
|
||||
read only = Yes
|
||||
guest ok = Yes
|
||||
```
|
||||
|
||||
### 关于文件系统表(file systems table)
|
||||
|
||||
你可以在Unix/Linux上的/etc/fstab文件中配置挂载某些文件为只读模式。
|
||||
你需要有专用分区,不要设置其他系统分区为只读模式。
|
||||
|
||||
如下在/etc/fstab文件中设置/srv/html为只读模式。
|
||||
```
|
||||
/dev/sda6 /srv/html ext4 ro 1 1
|
||||
```
|
||||
你可以使用`mount`命令[重新挂载分区为只读模式][3](使用root用户)
|
||||
|
||||
```
|
||||
# mount -o remount,ro /dev/sda6 /srv/html
|
||||
```
|
||||
或者
|
||||
```
|
||||
# mount -o remount,ro /srv/html
|
||||
```
|
||||
|
||||
|
||||
上面的命令会尝试重新挂载已挂载的文件系统在/srv/html上。这是改变文件系统挂载标志的常用方法,特别是让只读文件改为可写的。这种方式不会改变设备或者挂载点。让文件变得再次可写,键入:
|
||||
```
|
||||
# mount -o remount,rw /dev/sda6 /srv/html
|
||||
```
|
||||
或
|
||||
```
|
||||
# mount -o remount,rw /srv/html
|
||||
```
|
||||
|
||||
### Linux: chattr 命令
|
||||
|
||||
|
||||
你可以在Linux文件系统上使用`chattr`命令[改变文件属性为只读][4],如:
|
||||
```
|
||||
chattr +i /path/to/file.php
|
||||
chattr +i /var/www/html/
|
||||
|
||||
# 查找任何在/var/www/html下的文件并设置为只读#
|
||||
find /var/www/html -iname "*" -print0 | xargs -I {} -0 chattr +i {}
|
||||
```
|
||||
|
||||
|
||||
通过提供`-i`选项可删除只读属性
|
||||
```
|
||||
chattr -i /path/to/file.php
|
||||
```
|
||||
|
||||
FreeBSD, Mac OS X 和其他BSD Unix用户可使用[`chflags`命令][5]:
|
||||
|
||||
```
|
||||
### 设置只读 ##
|
||||
chflags schg /path/to/file.php
|
||||
|
||||
### 删除只读 ##
|
||||
chflags noschg /path/to/file.php
|
||||
```
|
||||
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
来源: https://www.cyberciti.biz/faq/howto-set-readonly-file-permission-in-linux-unix/
|
||||
|
||||
作者:[Vivek Gite][a]
|
||||
译者:[yizhuoyan](https://github.com/yizhuoyan)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:https://www.cyberciti.biz
|
||||
[1]:https://www.cyberciti.biz/media/new/faq/2012/04/linux-unix-set-read-only-file-system-permission-for-apache-nginx.jpg
|
||||
[2]:https://www.cyberciti.biz//www.cyberciti.biz/faq/centos-fedora-rhel-nfs-v4-configuration/
|
||||
[3]:https://www.cyberciti.biz/faq/howto-freebsd-remount-partition/
|
||||
[4]:https://www.cyberciti.biz/tips/linux-password-trick.html
|
||||
[5]:https://www.cyberciti.biz/tips/howto-write-protect-file-with-immutable-bit.html
|
Loading…
Reference in New Issue
Block a user