Is file mode 777 really necessary?

ElJefe

ElJefe

Member
I ran the command-line script to chmod the following folders to 777.
/apps/common/config
/apps/common/runtime
/backend/assets/cache
/customer/assets/cache
/frontend/assets/cache
/frontend/assets/files
/frontend/assets/gallery
/apps/extensions​
Is it really necessary for them to be 777, though? Seems kind of insecure. I have set the group to '_www' for the MailWizz directory and everything beneath it. Can I do a `chmod o-w` for those folders? Leaving them writeable to everyone in the world gives me the heebegeebees (sp?) :eek:
 
You can try lower permissions too, we do them 0777 because of the miriad of web hosting and the way they force things.
 
twisted1919 said:
You can try lower permissions too, we do them 0777 because of the miriad of web hosting and the way they force things.
Click to expand...

Hi twisted1919,

have you tested your app with the lower permissions?
Really, you have created great EMA app, and it's popular, however many of developers who takes security seriously will be in doubt of recommendation to CHMOD folders to 777. It means anybody can write to those folders, read their written content, and execute it.

I think you can consult with professional server admins, and get really secure CMOD settings from them for your app.

As there will be no public users of your app, i think we can easily set it to 775, or even 755.
However would be great to hear exact recommendations from you.

Please provide details next to each folder, what it's for and what should be happening in each folder, so i will be able to consult with my server admins and get the right CHMODs.

Here is the list:

/apps/common/config
/apps/common/runtime
/backend/assets/cache
/customer/assets/cache
/frontend/assets/cache
/frontend/assets/files
/frontend/assets/gallery - if there is only images in the gallery, it's not executable files, they don't need 777.
/apps/extensions

Please go trough this list with professional server admins, tell them what will be happening in each folder, why and when, and they will give you right CMODs.

Thank you for great app, and let's make it even greater!
 
You must log in or register to reply here.
Back
Top