pt-br:Mudando Permissões de Arquivos
Languages: English • Português do Brasil • 日本語 (Add your language)
 |
Artigo parcialmente traduzido ou que precisa de tradução Este documento está parcialmente traduzido ou precisa ser traduzido. Toda a tradução é feita por voluntários e você pode ser um deles.
Participar ▪ Artigos para traduzir ▪ Fórum de Suporte ▪ Todos os Artigos |
Contents
Em computador, os sistemas de arquivos e pastas têm permissões que especificam quem pode ler, escrever, modificar e acessar tais arquivos e pastas. Isto é importante porque o WordPress pode precisar de acesso para gravar arquivos na pasta wp-content do seu WordPress para habilitar algumas funções.
Modos de Permissão
7 5 5 usuário grupo todos r+w+x r+x r+x 4+2+1 4+0+1 4+0+1 = 755
The permission mode is computed by adding up the following values for the user, the file group, and for everyone else. The diagram shows how.
- Read 4 - Allowed to read files
- Write 2 - Allowed to write/modify files
- eXecute1 - Read/write/delete/modify/directory
7 4 4 user group world r+w+x r r 4+2+1 4+0+0 4+0+0 = 744
Exexmplos de Modo de Permissão
| Modo | Estrutura | Explicação |
|---|---|---|
| 0477 | -r--rwxrwx | PROPRIETÁRIO tem permissão somente leitura (4), OUTROS e GRUPO tem rwx (7) |
| 0677 | -rw-rwxrwx | PROPRIETÁRIO tem rw apenas(6), OUTROS e GRUPO tem rwx (7) |
| 0444 | -r--r--r-- | TODOS têm permissão somente leitura (4) |
| 0666 | -rw-rw-rw- | TODOS têm rw apenas (6) |
| 0400 | -r-------- | PROPRIETÁRIO tem permissão somente leitura(4), GRUPO e OUTROS não têm permissão(0) |
| 0600 | -rw------- | PROPRIETÁRIO tem rw apenas, GRUPO e OUTROS não têm permissão |
| 0470 | -r--rwx--- | PROPRIETÁRIO tem permissão somente leitura, GRUPO tem rwx, OUTROS não têm permissão |
| 0407 | -r-----rwx | PROPRIETÁRIO tem permissão somente leitura, OUTROS tem rwx, GRUPO não tem permissão |
| 0670 | -rw-rwx--- | PROPRIETÁRIO tem rw apenas, GRUPO tem rwx, OUTROS não têm permissão |
| 0607 | -rw----rwx | PROPRIETÁRIO tem rw apenas, GRUPO não tem permissão e OUTROS têm rwx |
Permission Scheme for WordPress
All files should be owned by your user account on your web server, and should be writable by your username. Any file that needs write access from WordPress should be group-owned by the user account used by the webserver. For example, you may have a user account that lets you FTP files back and forth to your server, but your server itself may run using a separate user, in a separate usergroup. A user such as dhapache or nobody.
The file and folder permissions of wordpress should be the same for most users, depending on the type of installation you performed and the umask settings of your system environment at the time of install.
For core WordPress files, all should be writable only by your user account. However, if you utilize mod_rewrite Permalinks or other .htaccess features you should make sure that WordPress can also write to your /.htaccess file.
If you want to use the built-in theme editor, all files need to be group writable. Try using it before modifying file permissions, it should work.
Some plugins require the /wp-content/ folder be made writeable, but in such cases they will let you know during installation. In some cases, this may require assigning 755 permissions or higher (e.g. 777 on some hosts). The same is true for /wp-content/cache/ and maybe /wp-content/uploads/
Additional directories under /wp-content/ should be documented by whatever plugin / theme requires them. Permissions will vary.
/ |- index.php |- wp-admin | `- wp-admin.css |- wp-blog-header.php |- wp-comments-post.php |- wp-commentsrss2.php |- wp-config.php |- wp-content | |- cache | |- plugins | |- themes | `- uploads |- wp-cron.php |- wp-includes `- xmlrpc.php
Using an FTP Client
FTP programs ("clients") allow you to set permissions for files and directories on your remote host. This function is often called chmod or set permissions in the program menu.
In a WordPress install, two files that you will probably want to alter are the index page, and the css which controls the layout. Here's how you change index.php - the process is the same for any file.
In the screenshot below, look at the last column - that shows the permissions. It looks a bit confusing, but for now just note the sequence of letters.
Right-click 'index.php' and select 'File Permissions'
A popup screen will appear.
Don't worry about the check boxes. Just delete the 'Numeric value:' and enter the number you need - in this case it's 666. Then click OK.
You can now see that the file permissions have been changed.
By default, most FTP Clients, including FileZilla, keep hidden files, those files beginning with a period (.), from being displayed. But, at some point, you may need to see your hidden files so that you can change the permissions on that file. For example, you may need to make your .htaccess file, the file that controls permalinks, writeable.
To display hidden files in FileZilla, in it is necessary to select 'View' from the top menu, then select 'Show hidden files'. The screen display of files will refresh and any previously hidden file should come into view.
To get FileZilla to always show hidden files - under Edit, Settings, Remote File List, check the Always show hidden files box.
Using the Command Line
If you have shell/SSH access to your hosting account, you can use chmod to change file permissions, which is the preferred method for experienced users. Before you start using chmod it would be recommended to read some tutorials to make sure you understand what you can achieve with it. Setting incorrect permissions can take your site offline, so please take your time.
You can make all the files in your wp-content directory writable in two steps, but before making every single file and folder writable you should first try safer alternatives like modifying just the directory. Try each of these commands first and if they dont work then go recursive, which will make even your themes image files writable. Replace DIR with the folder you want to write in
chmod 746 -v DIR chmod 747 -v DIR chmod 756 -v DIR chmod 757 -v DIR chmod 764 -v DIR chmod 765 -v DIR chmod 766 -v DIR chmod 767 -v DIR
If those fail to allow you to write, try them all again in order, except this time replace -v with -R, which will recursively change each file located in the folder. If after that you still cant write, you may now try 777.
About Chmod
chmod is a unix command that means "change mode" on a file. The -R flag means to apply the change to every file and directory inside of wp-content. 766 is the mode we are changing the directory to, it means that the directory is readable and writable by WordPress and any and all other users on your system. Finally, we have the name of the directory we are going to modify, wp-content. If 766 doesn't work, you can try 777, which makes all files and folders readable, writable, and executable by all users, groups, and processes.
If you use Permalinks you should also change permissions of .htaccess to make sure that WordPress can update it when you change settings such as adding a new page, redirect, category, etc.. which requires updating the .htaccess file when mod_rewrite Permalinks are being used.
- Go to the main directory of WordPress
- Enter
chmod -v 666 .htaccess
The dangers of 777
The crux of this permission issue is how your server is configured. The username you use to FTP or SSH into your server is most likely not the username used by the server application itself to serve pages.
7 7 7 user group world r+w+x r+w+x r+w+x 4+2+1 4+2+1 4+2+1 = 777
Often the Apache server is 'owned' by the dhapache or nobody user accounts. These accounts have a limited amount of access to files on the server, for a very good reason. By setting your personal files and folders owned by your user account to be World-Writable, you are literally making them World Writable. Now the dhapache and nobody users that run your server, serving pages, executing php interpreters, etc.. will have full access to your user account files.
This provides an avenue for someone to gain access to your files by hijacking basically any process on your server, this also includes any other users on your machine. So you should think carefully about modifying permissions on your machine. I've never come across anything that needed more than 767, so when you see 777 ask why its necessary.
The Worst Outcome
The worst that can happen as a result of using 777 permissions on a folder or even a file, is that if a malicious cracker or entity is able to upload a devious file or modify a current file to execute code, they will have complete control over your blog, including having your database information and password.
Find a Workaround
Its usually pretty easy to have the enhanced features provided by the impressive WordPress plugins available, without having to put yourself at risk. Contact the Plugin author or your server support and request a workaround.
Finding Secure File Permissions
The .htaccess file is one of the files that is accessed by the owner of the process running the server. So if you set the permissions too low, then your server won't be able to access the file and will cause an error. Therein lies the method to find the most secure settings. Start too restrictive and increase the permissions until it works.
Example Permission Settings
The following example has a custom compiled php-cgi binary and a custom php.ini file located in the cgi-bin directory for executing php scripts. To prevent the interpreter and php.ini file from being accessed directly in a web browser they are protected with a .htaccess file.
Default Permissions (umask 022)
644 -rw-r--r-- /home/user/wp-config.php 644 -rw-r--r-- /home/user/cgi-bin/.htaccess 644 -rw-r--r-- /home/user/cgi-bin/php.ini 755 -rwxr-xr-x /home/user/cgi-bin/php.cgi 755 -rwxr-xr-x /home/user/cgi-bin/php5.cgi
Secured Permissions
600 -rw-r--r-- /home/user/wp-config.php 604 -rw----r-- /home/user/cgi-bin/.htaccess 600 -rw------- /home/user/cgi-bin/php.ini 711 -rwx--x--x /home/user/cgi-bin/php.cgi 100 ---x------ /home/user/cgi-bin/php5.cgi
.htaccess permissions
644 > 604 - The bit allowing the group owner of the .htaccess file read permission was removed. 644 is normally required and recommended for .htaccess files.
php.ini permissions
644 > 600 - Previously all groups and all users with access to the server could access the php.ini, even by just requesting it from the site. The tricky thing is that because the php.ini file is only used by the php.cgi, we only needed to make sure the php.cgi process had access. The php.cgi runs as the same user that owns both files, so that single user is now the only user able to access this file.
php.cgi permissions
755 > 711 This file is a compiled php-cgi binary used instead of mod_php or the default vanilla php provided by the hosting company. The default permissions for this file are 755, which
php5.cgi permissions
755 > 100 - Because of the setup where the user account is the owner of the process running the php cgi, no other user or group needs access, so we disable all access except execution access. This is interesting because it really works. You can try reading the file, writing to the file, etc.. but the only access you have to this file is to run php scripts. And as the owner of the file you can always change the permission modes back again.
$ cat: php5.cgi: Permission denied ./php5.cgi: Welcome
Sites
 |
A documentação do WordPress em Português do Brasil.
Todas as comunidades lusófonas também são bem-vindas! Adicione {{Codex-pt}} em seus artigos. |