1
applaud
Permissions
  • 2009/11/18 2:35

  • applaud

  • Just popping in

  • Posts: 10

  • Since: 2006/5/13


I have received this from my hosting people today.

We have identified the following issues with your account on the
karora.instanthosting.com.au server during one of our checks of customers accounts
and recommend investigating the issues listed below as soon as possible as they may
affect the performance or security of your account.

* The following files/folders and some of their sub directories can be overwritten
by other users (permissions set to 777), this is considered unsafe and as others
could change these files we recommend setting the permissions to 755 using the file
manager in cPanel or an FTP program.

public_html/playground/templates_c
public_html/playground/uploads
public_html/playground/cache
public_html/playground/modules/changelog.txt
public_html/playground/modules/install.txt
public_html/playground/modules/upgrade.txt
public_html/playground/modules/license.txt


Can anyone tell me if there are any issues with this or am I safe to do it?

2
jdseymour
Re: Permissions

File and folder permissions of 777 is an issue with security. However, some server setups require it for a CMS with any kind of cache to run.

A properly setup server should allow it to run at 755 or at the very least 775. The files and folders should be owned by the user the web server runs as.

The numbers stand for:

7 - read, write and execute
5 - read and execute
4 - read only

The order of the numbers mean:

7/7/7

Owner/Group/Other

The other in the above is anyone in the world. Not a good idea to give them write access to your site.

If the owner of the files is the one that the web server runs as, and the group ownership is the group that the web server user runs as it will work with 775.

If the files are owned by, for instance, root, and the server runs as apache 775 will not work as the apache user would need the "Other" permissions to write and with 775 "Other" only has read and execute.

Most servers now use suEXEC. This allows apache to run as different users on different virtual host accounts, usually under the username of the owner of the account.

Ask your host for more detail in setting the permissions on your site.

Login

Username:
Password:

Lost Password? Register now!

Who's Online

71 user(s) are online (52 user(s) are browsing Support Forums)


Members: 0


Guests: 71


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits