File Permissions

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    File Permissions

    I notice that files in the public_html folder need to be chmod 644 (755 for directories). Isn't that a bit insecure? On my web server at work, we use 640 and 750, with the 'group' set to the web server process.

    I tried changing the permissions via file manager to 640 and 750 and it all stopped working.

    I'm not sure I want 'others' (ie. everyone with shell access) to be snooping my files to see passwords embedded in PHP and so on. How is your system set up to prevent this when all files need to be 644 and 755?
    Tags: None
    #2
    No one is permitted shell access on the eUKhost servers. If they do want shell access, they are put on a server specifically designed for users who want it.

    755 permissions are perfectly safe.

    What you do not want to do is use 777 - but as I've said, rest assured that 755 is secure.

    Comment

      #3
      Thanks for that.
      Would be interesting to know why you are not set up to have the web server process as 'group', but maybe you can't say for security reasons

      Comment

        #4
        Also... we've various other security measures implemented/enabled on our server such as mod_user [apache module] & PHP_OpenBaseDir restriction limits users to their directory only, in short it disables the access/ability of users from reading other users' directories/files. Users can read only those files & folders whom are owned by them.

        If this wasn't the case.. just imagine everyone having access anywhere... it'd have been a very dangerous exploit causing severe problems & havoc everywhere..
        ....> <....
        Rock _a.k.a._ Jack Daniel

        Follow eUKhost on Twitter || Join eUKhost Community on Facebook

        Comment

        Previous template Next
        Working...
        X