db.ini permissions

Hi. Quick unix question about db.ini permissions.

I've chown'd this file so that the server owns it, but I'm not clear exactly who should have access.

Should this be chmod 700, or chmod 755, which was the default upon uploading it?


By default, a working file permission should be 644. Hope it helps. Please do let us know of any upcoming issues.

Hello Omeka community, this is my first post here - I want to say that I love the software and the support!

Sorry for re-upping an old thread, but I was thinking about security issues implied in going from offline/testing to online/production and I came across this.

I've read the installation guides for Ubuntu (and applied the command line one) and I realized that the file db.ini (which contains non-encrypted data such as the database password!) turns out to have a 644 permission (-rw-r--r--). But this way I'm exposing my password to virtually anyone on the internet, am I right?

If so, would it not be safer to have a 640 permission for it (-rw-r-----)? Are there other important folders/files that need to be properly secured? Is there other security advice that one should know, besides the Security settings in the admin interface?

Thanks in advance for helping!

All .ini files are specifically denied in the Apache config for Omeka, so you're not exposing your password to "anyone on the Internet," regardless of the permissions.

On the other hand, the permissions do matter for what other users on your server can see and yes, 0644 means any other user on that server can read your database username and password. If the group of that file is set to whatever group your web server executes as, then 0640 is permissive enough to allow Omeka to work, but would lock out other users from reading the file.

As long as the group is set properly, there's really little to no need to have "world" permissions for any Omeka file, unless you specifically want other users to have access.
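The permission check described in the answer above, as an added example that is not part of the original thread or of Omeka itself. It assumes GNU `stat` (as on Ubuntu); the function name, the `/path/to/omeka/db.ini` placeholder and the `www-data` group are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example, not Omeka code. Assumes GNU stat (coreutils, as on Ubuntu).
#
# check_secret_file FILE WEB_GROUP
#   FILE      - credentials file, e.g. your db.ini (path supplied by the caller)
#   WEB_GROUP - group the web server runs as (assumption: www-data on Ubuntu)
# Returns 0 if the file passes, 1 if any check fails, 2 if the file is missing.
#
# Usage (placeholder path): check_secret_file /path/to/omeka/db.ini www-data
check_secret_file() {
    csf_file=$1
    csf_want=$2
    if [ ! -f "$csf_file" ]; then
        echo "missing: $csf_file"
        return 2
    fi

    csf_mode=$(stat -c '%a' "$csf_file")    # octal mode, e.g. 644
    csf_group=$(stat -c '%G' "$csf_file")   # name of the owning group
    csf_other=$((csf_mode % 10))            # last digit: "world" bits
    csf_grp=$(( (csf_mode / 10) % 10 ))     # middle digit: group bits
    csf_rc=0

    # Any "other" bit lets every local account read (or change) the password.
    if [ "$csf_other" -ne 0 ]; then
        echo "FAIL: mode $csf_mode grants access to other users on this server"
        csf_rc=1
    fi
    # 0640 only works if the group is the one the web server executes as.
    if [ "$csf_group" != "$csf_want" ]; then
        echo "FAIL: group is $csf_group, expected $csf_want"
        csf_rc=1
    fi
    # Without group read, the web server cannot read the file through its group.
    if [ $((csf_grp & 4)) -eq 0 ]; then
        echo "FAIL: mode $csf_mode has no group read bit"
        csf_rc=1
    fi

    [ "$csf_rc" -eq 0 ] && echo "OK: $csf_file is $csf_mode, group $csf_group"
    return "$csf_rc"
}
```

A failing file is typically fixed with `chgrp` to the web server's group followed by `chmod 640`, which is the combination the answer describes.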

John, thank you so much for your prompt and complete answer, it really helps.

Best regards,