2

When I upload images from Magento 1.9 products page, they get permissions 777. I also found a few other 777 folders, such as media/catalog/product folders, and cached images.

Also var/cache folders are created with 777, files inside are 600.

I've run the following to make all my folders 644 and all the files 755:

find . -type f -exec chmod 644 {} \; find . -type d -exec chmod 755 {} \;

After the above, I still get new uploaded images with 777 permissions.

Any ideas?

  • Update #1: Checked Mage_Cache_Backend_File, files are set on 644 and folders on 755.

  • Update #2: Checked umask, was 022, also added it to ~/.bashrc, no change.

  • Update #3: changed umask(0) to umask(022) in index.php.

When I upload a new image, i.e. demo.jpg, then the first folder gets created with 755 params:

media/catalog/product/d 755 media/catalog/product/d/e 777 media/catalog/product/d/e/demo.jpg 777

Edit:

As Fiasco Labs proposed, I searched with Notepad++ inside files for 0777 entries and changed them to 0644 or 0755 depending if files/folders.

It resulted as the first folder created to be 755 and the second folder to 777, but the files inside are now 644. So, issue is almost solved, need to dig a bit more.

So I re-set the permissions from time to time just to be sure it's OK.

Improve this question
1
  • 2
    Probably find it's hardcoded within Magento somewhere. Since Magento must run on many different server setups, a portion which do not run the http server user/group as the ssh/sftp user/group, the files are being created as 777 so that they are accessible by everyone. You'll need to hunt the code down and create a module that creates the files with your desired permissions. This is why the media/ folder .htaccess shuts off php/cgi execution out of the folder as certain Magento operations allow frontend users to upload files which would leave a massive security hole. Commented Oct 18, 2015 at 18:43

1 Answer 1

Reset to default
1

You can download magentocleanup.php and run the file to set the correct Files/Folder permission.

Improve this answer
2
  • I got the permissions 777/644 by the above command I quoted, my issue is that after that, I still get 777 permissions on new files. Will that php you're saying fix that issue? Either way, I got it from here and I get Warning: chmod(): Operation not permitted errors. github.com/IndiesServices/Magento/blob/master/… Commented Oct 17, 2015 at 14:07
  • yes its a common file to set the file / folder permission to the proper magento. Commented Oct 19, 2015 at 5:55

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.