borzoid Posted February 19, 2011 Share Posted February 19, 2011 I have a question for developing (or in this case rewriting) an application. The current application creates directories and files (thumbnails, etc..) in a directory of the application files. In order to do this I have to set the directories chmod to 777 via ftp. I know this isn't secure. What exactly do you put in the application's code to allow it to write to a file or directory with CHMOD of 755. Quote Link to comment Share on other sites More sharing options...
requinix Posted February 19, 2011 Share Posted February 19, 2011 The key is to have PHP create the directories - that way it owns the directory and you can limit the privileges to it alone. The downside is exactly that: you (the user) can't do anything but read files and view subdirectories. If you wanted to use /var/www/uploads as the upload directory, 1. (You) chmod 0777 /var/www 2. (PHP) mkdir /var/www/uploads; maybe chmod too 3. (You) chmod 0755 /var/www If uploads/ was empty then you could delete it just fine, but if not then you'd have to make PHP delete all the files first. Quote Link to comment Share on other sites More sharing options...
borzoid Posted February 19, 2011 Author Share Posted February 19, 2011 OK so if I understand this correctly - the only way that I can make changes to files created by the application is if it sets chmod to 777. So what is the preferred method of doing this and still keeping a site secure from hackers? Quote Link to comment Share on other sites More sharing options...
PaulRyan Posted February 19, 2011 Share Posted February 19, 2011 Yes 777 should be used if you want to add files to the folder and for them to be available to be excuted and read. You could in theory set hte permissions to 777 to add a file, then CHMOD the folder back to 755 meaning files can only be read and executed, then if you want to add more files just CHMOD to 777 then back to 755 when finished. This is how I would do it, means files cannot bw written to the folder when CHMOD'ed to 755. This may not be the correct method, but what am I to know? Regards, PaulRyan. Quote Link to comment Share on other sites More sharing options...
requinix Posted February 19, 2011 Share Posted February 19, 2011 OK so if I understand this correctly - the only way that I can make changes to files created by the application is if it sets chmod to 777. Basically, yes. I'm assuming it's some shared hosting situation? Or that you're not in control of the server? Only two things you can do: 1. Make sure your login (FTP, SSH, etc) passwords are safe and secure. 2. Make sure your code is safe and secure. File permissions only matter for #1 and that's generally not the attack vector - "hackers" will spend most of their time looking at #2. Quote Link to comment Share on other sites More sharing options...
borzoid Posted February 19, 2011 Author Share Posted February 19, 2011 Thank you for the responses. yes, security is the number one concern here. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.