
Replies: 5    Views: 188

rossideas
Aspiring developer
Posts: 145
Reg: Jul 24, 2011
Albuquerque
1,450
11/13/11 08:42 AM (14 years ago)

Files directory writable

Sorry if covered, could not find anything. The only way I can get the BT server to function on my server (virtual dedicated with Plesk control panel) is with the files folder permissions set to 777. 755 (or any other combo) will not work. My issue is 777 is unsafe. Has anyone else had this issue or a solution? Thanks..
 
MGoBlue
Apple Fan
Posts: 980
Reg: Jun 07, 2011
Gold River, CA
10,600
11/13/11 09:29 AM (14 years ago)
777 should be fine. My server is the same way.
 
rossideas
Aspiring developer
Posts: 145
Reg: Jul 24, 2011
Albuquerque
1,450
11/13/11 09:56 AM (14 years ago)
I appreciate the reply, but have read way too much about the dangers of leaving directory permissions at 777. Actually had a site hacked through an uploader that had 777. I know 777 would be an easy solution, but I'm not convinced it is secure. My problem is I have 40 other websites I host on this server and just can't take a chance.
 
David @ buzztouch
buzztouch Evangelist
Posts: 6866
Reg: Jan 01, 2010
Monterey, CA
78,840
11/14/11 01:18 AM (14 years ago)
The rule: If you are on a shared host, 777 is a bad idea. If you're not on a shared host, 777 is fine. If nobody else is using your box then nobody else can get to your files through 777, including WEB access. If you had a hack-job done through an upload the problem was not related to the folder being readable, it was related to how the upload script worked or didn't work. Could talk forever like this. The easiest way to think of it: 777 is dangerous if and only if OTHER users on the operating system have access. All 777 does is give other users of the computer access to a folder, it does not give the internet access, that's another matter altogether. Apache and PHP run as users on your computer, hopefully nobody else does ;-) I wonder why 755 doesn't work? Seems like it should. I'm not a security expert but have no trouble on this end on a few test boxes running 755. Maybe somebody can shed some light on this for us all. The only reason I listed 755 in the docs is because I knew so many people were / are afraid of 777 and didn't want to scare anyone. Probably good that they are because so many folks are on shared hosts.
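
The owner/group/other check this thread turns on, as an added example that is not part of any post here: it shows which permission class a process falls into for a directory and whether that class can write. It assumes one possible reason 755 fails (PHP running as an account other than the directory owner), which the thread does not confirm; the uids and gids are constructed, `write_class` and `diagnose` are hypothetical helper names, and `diagnose` assumes Linux (GNU `stat -c`).

```shell
#!/bin/sh
# Added example, not code from the thread. Ids below are constructed.

# write_class MODE OWNER_UID GROUP_GID PROC_UID "PROC_GIDS"
# Prints the single permission class the kernel applies to the process and
# whether that class has the write bit, e.g. "other:no".
write_class() {
    mode=$1; owner=$2; group=$3; puid=$4; pgids=$5
    bits=$((0$mode))                      # leading 0: parse as octal
    if [ "$puid" -eq 0 ]; then echo "root:yes"; return 0; fi
    if [ "$puid" -eq "$owner" ]; then
        class=owner; w=$((bits & 0200))
    else
        class=other; w=$((bits & 0002))
        for g in $pgids; do
            if [ "$g" -eq "$group" ]; then
                class=group; w=$((bits & 0020)); break
            fi
        done
    fi
    # Classes do not fall through: an owner without the owner write bit is
    # refused even when group or other could write.
    if [ "$w" -ne 0 ]; then echo "$class:yes"; else echo "$class:no"; fi
}

# diagnose DIR USER: same check against a real directory and account.
# Assumes Linux (GNU stat -c).
diagnose() {
    write_class "$(stat -c %a "$1")" "$(stat -c %u "$1")" \
        "$(stat -c %g "$1")" "$(id -u "$2")" "$(id -G "$2")"
}

# Constructed scenario: files/ owned by an upload account (uid 10001,
# gid 2001); PHP runs as a separate web server account (uid 48, gid 48).
echo "755, web server is 'other':      $(write_class 755 10001 2001 48 '48')"
echo "777, any local account:          $(write_class 777 10001 2001 48 '48')"
echo "775, web server added to group:  $(write_class 775 10001 2001 48 '48 2001')"
echo "755, PHP runs as the dir owner:  $(write_class 755 10001 2001 10001 '2001')"
```

Only the classic mode bits are modelled; ACLs and mandatory access control (SELinux, AppArmor) can still deny a write that this check reports as allowed.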
 
rossideas
Aspiring developer
Posts: 145
Reg: Jul 24, 2011
Albuquerque
1,450
11/14/11 07:14 AM (14 years ago)
Thanks David. I didn't mean to scare anyone, but you helped clear up some misconceptions I've had (and maybe others)... thanks again. Very excited about BT-server!!
 
aquila198
buzztouch Evangelist
Posts: 473
Reg: Jul 22, 2011
location unknow...
10,330
11/15/11 09:18 AM (14 years ago)
David, as always, I appreciate your incredible insight. Ross, I'm in the same boat. Except, I'm on a shared server. I suppose my only option is to look into a dedicated server, correct? Thanks as always.
 
