Jump to content

File/folder Permissions


natimage

Recommended Posts

I saw the tutorial on how to change permissions on files and folders. I've even done it!! :goof: But, maybe someone out there has a moment to expound on the concept of permissions. For example, I changed file/folder permissions to 777 tonight...but, I have no idea what that means. What does 777 mean for security compared to a permission of 644 or any other setting?

 

And, if I change permissions in order to do something (manage and import skins in IPB for example), can I or should I change the permissions back after the change is finished?

 

Stuff like that would be great to know more about.

Link to comment
Share on other sites

Thanks, Robert. In the meantime, can you answer just a quick yes or no (no explanation needed right now) as to whether or not I should change the file/folder permissions back to 644 for my IPB files/folders? I had to change them to 777 to import and apply a new skin.

Link to comment
Share on other sites

Thanks, Lianna!! I had not found that one! However, for such a novice as myself, it still leaves some questions unanswered. Like, what are the security risks for setting 777? And why did I have to set permissions to 777 instead of , say, 775 or something like that to apply skin changes to IPB?

 

I know, I'm a little thick-skulled sometimes. Theoretically I understand what the rwx is and the numbers and all that. It's understanding the meaning for actual application that I can't quite grasp.

 

Does that make any sense at all? :goof:

Edited by natimage
Link to comment
Share on other sites

Generally, your permissions should be as low as possible. Yes, there are security risks associated with giving guests write/execute privileges. However, many of these risks aren't all that easy to exploit and require special knowledge. The answer to your question is a complicated one.

If you have a static site with just HTML pages, the best thing to do will be giving full rights to the Owner and read-only to Group and Guest. If you have scripts like a guestbook, for example, it's a different story and the answer is "it depends".

 

In order for your script to function, it has to have write privileges to some directories and files. If you upload these files via ftp, and the attributes are set to 700, for example, the script won't be able to modify them. If the files are created by the script itself, you are all set (but there's a chance that you yourself won't be able to modify/delete those files via ftp, as the script (so-called "nobody") will be the owner.

 

As a rule, your .htaccess files shouldn't have anything higher than 700, and all important files that contain passwords should be located in areas unavailable through www. (Anything below your public_html directory may be accessed, so put your password files one level higher).

 

Also, don't give obvious names to files, but that's just common sense.

Link to comment
Share on other sites

Thanks, vangrieg.

 

I'm sure I'll understand it all much better at some point. You mentioned the most important thing...keep important information guarded!! I guess as long as I understand that 777 means "not guarded" and 444 means "the only thing anyone can do is read this", I'll do alright!!

Link to comment
Share on other sites

I guess as long as I understand that 777 means "not guarded" and 444 means "the only thing anyone can do is read this", I'll do alright!!

It's easy, as a matter of fact, just a little confusing.

 

- The first digit shows the privileges for you, the Owner.

- The second one - for Group (you may simply disregard this one and set it the same as the third one).

- The third one - for Guest, that is, anybody else but you.

 

Now,

- read priviliges (it means that users can see the file) have the value of 4.

- Write privileges (can create a new file or modify and existing one) - 2.

- Execute (can run a script) - 1.

 

Now let's say you have an HTML page and you want be able to modify it, but don't want anybody else to touch it, except for viewing in their browsers. What do you do?

 

- Owner = Read + Write = 4 + 2 = 6.

- Group = Guest = Read = 4.

So you want 644.

 

Another example - you have a file you want to be accessible to you only.

 

- Owner = Read + Write = 6.

- Group = Guest = nothing = 0.

 

So you want 600.

Link to comment
Share on other sites

Thanks again. It's slowly sinking in. I asked a question earlier that got missed.

yes or no  as to whether or not I should change the file/folder permissions back to 644 for my IPB files/folders? I had to change some of them to 777 to import and apply a new skin.

 

I'm sure I'm wrong to come to the conclusion that since I've successfully imported and applied the new IPB skin that I can now change those selected permissions back to 644...but it makes sense to me that I should be able to do that.

 

Any comments? Am I right or wrong?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...