Menu
Currently I set 0777 to all the directories and files.
However, I'm scared of being accessed from others.
Log files and all the controllers, models, views, and the files in config are set to 0777
In general, how they are supposed to be set?
736
You can configure your own code through the Rails configuration object with custom configuration under either the config.x namespace, or config directly.
Now that we have Ruby, we need to get the Rails framework. In Ruby, we call a package a gem. To install a gem, you use the command gem install [packageName]. The gem command is provided by the package manager RubyGems. So, in our case, open a terminal window and run: gem install rails.
That environment is no different than the default ones, start a server with bin/rails server -e staging, a console with bin/rails console -e staging, Rails.env.staging? works, etc. By default Rails expects that your application is running at the root (e.g. / ). This section explains how to run your application inside a directory.
In general, the work of configuring Rails means configuring the components of Rails, as well as configuring Rails itself. The configuration file config/application.rb and environment-specific configuration files (such as config/environments/production.rb) allow you to specify the various settings that you want to pass down to all of the components.
You should definitely not use 0777 for your file permissions. This more easily exposes you to vulnerabilities.
In general, follow this principle:
For folders, use 0755, which equates to rwxr-xr-x. The execute permission allows folder contents to be viewed.
find /your/rails/dir -type d -exec chmod 755 {} +
For executed scripts, also use 0755. This allows anyone to execute the scripts, but not make changes (write) to them.
For all other files, use 0644 which equates to rw-r--r--. This allows everyone to read the file, the owner to write to the file, and no one to execute the file. This prevents, among other things, malicious scripts from being uploaded and executed.
find /your/rails/dir -type f -exec chmod 644 {} +
Optionally, files containing passwords you could consider more restrictive permissions on, especially config/database.yml or any files containing passwords for things like mail services (mandrill, sendgrid, postmark), Amazon S3 buckets, or Redis connections. For these files you might use 0600.
In a production environment, your rails app should be running as the same user (not root) that owns all of these files. This is accomplished most easily by using passenger, unicorn, or running a web server such as mongrel or webrick as the local user listening on a port such as localhost:3000, and having Apache or Nginx reverse proxy to localhost:3000.
109
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
