SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Enthusiast
    Join Date
    Jul 2006
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Web Security Issue : CHMOD

    Hi,

    Could someone advise if it is okay to chmod 777 web folder ?

    i have a wordpress based website, with some plugin & widget installed. Few of them require me to chmod 777 on particular folder, to enable visitors upload image.

    I'm worried if this could create security hole in my website. What is the worst havoc that hackers possibly produce on my website ?

    Would appreciate your advice.

    Thanks.

  2. #2
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,227
    Mentioned
    194 Post(s)
    Tagged
    2 Thread(s)
    If you think about permissions, User-Group-World, Read-Write-Execute, is there ever any reason to use 0777? Do you really want everybody to be able to do everything? I stongly believe that permission levels should be set only to the least lenient (i.e. the most restrictive) that they can be while still letting things work. I feel that most (if not all) "need 777" is wrong and only used because someone doesn't understand or want to take the time to figure out what the best permission levels would be. I have yet to find a situation where 0777 was absolutely neccessary.

    Worse that could happen? Depending on your "filtering", someone could upload a script and run it. Not something you want. Better to keep the thief outside the door than to let him in and try to make sure he behaves.

  3. #3
    SitePoint Member
    Join Date
    Feb 2010
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    0777 is fine if you're using DSO instead of suPHP and need write permissions to the specific folder, I wouldn't bother setting 0777 for the entire site. Or you could make it 0666 instead, still has write permissions but not able to execute.

  4. #4
    SitePoint Zealot webhost.uk.net's Avatar
    Join Date
    Jan 2009
    Posts
    174
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by denisw View Post
    Hi,

    Could someone advise if it is okay to chmod 777 web folder ?

    i have a wordpress based website, with some plugin & widget installed. Few of them require me to chmod 777 on particular folder, to enable visitors upload image.

    I'm worried if this could create security hole in my website. What is the worst havoc that hackers possibly produce on my website ?

    Would appreciate your advice.

    Thanks.

    Nope its not at all recommended to have 777 file permissions ..Use Suphp and modsec that make the default file permission 755 for executing folders and 644 for files.

    And also make sure that files with nobody ownership are not allowed.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •