TOPIC: File and folder permissions and htaccess+DB user privileges?

File and folder permissions and htaccess+DB user privileges? 1 week 7 hours ago #75166

  • PowerQuest
Hello everyone. :lol:
  1. What are the recommended settings for file and folder permissions and htaccess to harden the server from a security standpoint?
  2. Also, what are the recommended bare minimum database user privileges after running the installation?
    (Having the user on full privileges is in general dangerous and should be avoided.)
We are about to run an installation of SuiteCRM on our servers and are trying to prep the upload before installing it, so it would be appreciated to know more about this.

Thanks!
Last Edit: 1 week 7 hours ago by PowerQuest.
The administrator has disabled public write access.

File and folder permissions and htaccess+DB user privileges? 6 days 22 hours ago #75204

  • pgr
Hi

About the Linux permissions, I would just remove the "everyone" permissions, they shouldn't be necessary. So use 770 instead of 775, and 750 instead of 755. Make sure your file ownerships will use the "user" or "group" privileges from those codes.

About the database, I never tried hardening database permissions for SuiteCRM. I am not sure how much you can remove. SuiteCRM will need to read/write data, but also to add new tables and change columns on existing tables. Remember this is an app that writes itself, you change things in Studio and these changes will affect database structure, not just database data.

I suppose you can use tighter restrictions, if you are willing to exclude usage of Studio and Quick Repairs and Rebuilds (in production server, I don't suppose you will want to do that in development). Or you can give permissions only temporarily for these operations.

My SuiteCRM In-depth blog.
Thank you for always stating your SuiteCRM version, checking your logs, reading the Docs, and searching before you ask!

File and folder permissions and htaccess+DB user privileges? 6 days 21 hours ago #75208

  • PowerQuest
Thank you for your help and your reply pgr!

So in regards of hardening the DB user, would this suffice do you think?
Select, insert, update, Create, Alter, Drop, Delete.

For the file and folder, do you apply that to all files and folders then?

Thank you! :cheer:

File and folder permissions and htaccess+DB user privileges? 6 days 6 hours ago #75220

  • pgr
> So in regards of hardening the DB user, would this suffice do you think?
> Select, insert, update, Create, Alter, Drop, Delete.

What does that leave out?

The only way to find out is to try it. Remember what I said above: I never tried this.

About Linux permissions (an issue I am more familiar with), I am thinking in terms of the basic recommended permissions:
  sudo chown -R www-data:www-data .
  sudo chmod -R 755 .
  sudo chmod -R 775 cache custom modules themes data upload
  sudo chmod 775 config_override.php 2>/dev/null

(replacing www-data for whatever your web server user is called).

These are the permissions where I would harden by dropping the last "5" from each of those numbers.

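The hardened variant described in the post above (755 to 750, 775 to 770), written out as an added example that is not part of any poster's message or of SuiteCRM itself. It also adds two checks: one for leftover "other" bits, and one for paths whose owner and group both differ from the web server account, which lose all access once "other" is removed. The function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread: the posted chmod commands with the
# "other" digit dropped (755 -> 750, 775 -> 770), plus two checks.
# Ownership is assumed to be set already (the chown step from the post).
WRITABLE="cache custom modules themes data upload"

# harden_tree ROOT: apply the hardened modes to a SuiteCRM directory.
harden_tree() {
    chmod -R 750 "$1"
    for d in $WRITABLE; do
        if [ -e "$1/$d" ]; then chmod -R 770 "$1/$d"; fi
    done
    if [ -f "$1/config_override.php" ]; then
        chmod 770 "$1/config_override.php"
    fi
}

# world_accessible ROOT: print paths that still grant r, w or x to "other".
# Symlinks are skipped because their own mode bits are not enforced.
world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# outside_owner_group ROOT USER GROUP: print paths where neither the owner
# nor the group matches. With "other" removed, that account cannot reach them.
outside_owner_group() {
    find "$1" ! -user "$2" ! -group "$3" -print
}
```

Both check functions print nothing when the tree is clean, so empty output is the expected result after `harden_tree`.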

File and folder permissions and htaccess+DB user privileges? 6 days 5 hours ago #75227

  • PowerQuest
Thank you for your valuable help.

> What does that leave out?


So that is how it would look like.

File and folder permissions and htaccess+DB user privileges? 6 days 4 hours ago #75232

  • pgr
Hmm, ok. I know the installer creates indexes, sometimes also the upgraders. But probably not during normal every day execution.

I don't know about "lock tables", I guess you can just search the code to see if it's used.

Please come back here and tell us about your experience, after you've deployed. Thanks!

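One way to act on the "give permissions only temporarily" idea and the privilege list discussed in the posts above, as an added example that is not from any poster and not SuiteCRM tooling. It prints MySQL/MariaDB statements for opening and closing a maintenance window and compares a `SHOW GRANTS` line against a data-only runtime set. The database name `suitecrm`, the account `'suitecrm'@'localhost'`, the function names and the runtime/schema split are assumptions, and whether SuiteCRM runs on the runtime set alone is untested, as the thread itself says.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: database `suitecrm`,
# account 'suitecrm'@'localhost'. The runtime/schema split is an assumption.
DB_SCOPE='`suitecrm`.*'
DB_USER="'suitecrm'@'localhost'"
RUNTIME_PRIVS='SELECT,INSERT,UPDATE,DELETE'   # day-to-day data access
SCHEMA_PRIVS='CREATE, ALTER, DROP, INDEX'     # Studio, repairs, upgrades

# Statements for a DB admin to run before and after a maintenance window.
maintenance_open() {
    printf 'GRANT %s ON %s TO %s;\n' "$SCHEMA_PRIVS" "$DB_SCOPE" "$DB_USER"
}
maintenance_close() {
    printf 'REVOKE %s ON %s FROM %s;\n' "$SCHEMA_PRIVS" "$DB_SCOPE" "$DB_USER"
}

# excess_privileges LINE: given one line of SHOW GRANTS output for DB_SCOPE,
# print each privilege that is not in RUNTIME_PRIVS, one per line.
excess_privileges() {
    printf '%s\n' "$1" |
    grep -F " ON $DB_SCOPE " |
    sed -n 's/^GRANT \(.*\) ON .*$/\1/p' |
    tr ',' '\n' |
    sed 's/^ *//; s/ *$//' |
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        case ",$RUNTIME_PRIVS," in
            *",$p,"*) ;;              # allowed at runtime
            *) printf '%s\n' "$p" ;;  # left over from install or maintenance
        esac
    done
}

# revoke_excess LINE: build the REVOKE that returns the account to the
# runtime set; prints nothing when there is no excess.
revoke_excess() {
    extra=$(excess_privileges "$1" | paste -sd, - | sed 's/,/, /g')
    [ -n "$extra" ] || return 0
    printf 'REVOKE %s ON %s FROM %s;\n' "$extra" "$DB_SCOPE" "$DB_USER"
}
```

The printed statements are meant to be reviewed and then piped to the `mysql` client under an administrative account, not under the application account.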

File and folder permissions and htaccess+DB user privileges? 6 days 3 hours ago #75236

  • PowerQuest
Alright, thank you very much for your appreciated help! :cheer: