novid's picture

Not all environments allow you to use /tmp directory for temporal storage of application data. I found the following configuration useful for Backdrop on my shared hosting environment:

  • Public: files/public (775)
  • Private: files/private (770)
  • Temporary: files/tmp (770)
file system configuration
File System Configuration
file system permission
File System Permission

So, what is your configuration on such environments?

Comments

Olafski's picture

Hello novid, thanks for sharing your configuration! I'm not an expert of file and directory permission, but setting the public permissions of private and tmp to zero sounds like a good idea.

By the way, Backdrop also tries to create a .htaccess file to restrict access in the mentioned directories.

Another good practice could be to choose unguessable names for such directories, something like private_pnocuffuqtwc4zsda686c5wbq4rc4aab.