Zach Posted March 18, 2011 Posted March 18, 2011 I've had a custom PHP script written for me for a client's website. It has a flash uploader in the administrator's area and the developer has told me I must set my upload folder to 777 for it to work. These are JPEG files that get uploaded that need to be accessible as they are viewable from another separate page. I don't pretend to know a great deal about permissions but it's my understanding that 777 is very insecure...but insecure in what way, I'm not sure. I also seem to recall that 777 may not even be allowed on TCH. Can anybody help fill me in? I'm on a dedicated box if that makes any difference. Quote
OJB Posted March 18, 2011 Posted March 18, 2011 TCH is running the suPHP handler which means you can't/don't need to assign 777 privileges to any scripts. Have a read of this thread: http://www.totalchoicehosting.com/forums/index.php?showtopic=40190&view=findpost&p=244033 In terms of 777 and what it means you split those numbers into 3 separate parts. Starting at the left most digit you have "user" - the owner of the file/script/directory The middle digit corresponds to "group" - other members of the group the file belongs to The right most digit is "other" - anyone else The numbers are built up as follows: 0 no permission 1 execute 2 write 3 write and execute 4 read 5 read and execute 6 read and write 7 read, write and execute So essentially 777 means read, write and execute for user, group and other. Which is why it is deemed a security risk. Have a read on wikipedia about filesystem permissions: (en.wikipedia.org/wiki/File_system_permissions) and CHMOD (en.wikipedia.org/wiki/Chmod) and it should help your understanding Quote
TCH-Bruce Posted March 18, 2011 Posted March 18, 2011 He is asking about folder permissions not script permissions but similar rules applies. I would start with permissions set to 755 and see what happens. The permissions can always be adjusted if necessary. Quote
Bob Crabb Posted March 19, 2011 Posted March 19, 2011 It will probably work with folder permissions set to 755. I have a few sites with either upload folders or a cache folder that I used to have to set to 777 in order for cached files to be written into the folder or for user uploaded files to be written. Since TCH upgraded to suPHP, they all work set to 755. Quote
SteveW Posted March 20, 2011 Posted March 20, 2011 755 will do what you want. With suPHP, PHP runs with the same permissions as your userID (the folder's "owner"), so the first 7 in 7xx is the one that applies to it. That is, that first 7 is what allows the owner to write to the folder, and if the owner (you) can write to the folder, so can PHP. With the first digit 7, the other two can be the more secure 5's, giving 755. Without suPHP, PHP has its own userID and it runs with those permissions. In that case, it's not the same as your userID; it's "other", whose permissions are determined by the last digit of the permissions number. For it to write to the folder, that last digit must be a 7. So in that case the 777 is needed. Unfortunately, in that case, granting the 777 to PHP has the side effect of granting the same permissions to all other accounts on the same server, which is why it's a security risk. Quote
Zach Posted March 20, 2011 Author Posted March 20, 2011 755 will do what you want. With suPHP, PHP runs with the same permissions as your userID (the folder's "owner"), so the first 7 in 7xx is the one that applies to it. That is, that first 7 is what allows the owner to write to the folder, and if the owner (you) can write to the folder, so can PHP. With the first digit 7, the other two can be the more secure 5's, giving 755. Without suPHP, PHP has its own userID and it runs with those permissions. In that case, it's not the same as your userID; it's "other", whose permissions are determined by the last digit of the permissions number. For it to write to the folder, that last digit must be a 7. So in that case the 777 is needed. Unfortunately, in that case, granting the 777 to PHP has the side effect of granting the same permissions to all other accounts on the same server, which is why it's a security risk. How do I find out if I have suPHP installed? I'm on a dedicated box and I seem to recall support telling me it isn't on my machine. 755 doesn't work--I already tried it. However if the security risk is just about other accounts on the same machine, since it's my box and I know what accounts are on it that's not a huge concern. Quote
TCH-Bruce Posted March 20, 2011 Posted March 20, 2011 With 777 permissions anyone could potentially access it (write to it) so you will want to make sure it is as secure as possible. To be sure suPHP is installed on your server open a ticket with the help desk but I am pretty sure it already is. Quote
SteveW Posted March 21, 2011 Posted March 21, 2011 How do I find out if I have suPHP installed? If you run the script with permissions at 755 and it doesn't work, but it does work when they're 777, I'd consider that sufficient indication that you need the 777. I'm on a dedicated box Sorry I missed that even though you stated it clearly. I seem to recall support telling me it isn't on my machine. Entirely possible. Dedicated can be configured differently from how they do the shared accounts. if the security risk is just about other accounts on the same machine, Yes, that's all it is. If you trust your other users, it's not that big a deal. The one thing it gives you less control over is that if one account gets hacked, the hackers can get access, using PHP, to folders in the other accounts. There are 2 ways to install PHP. Each has pros and cons. With mod_PHP (which is non-suPHP), this 777 is just the necessary configuration when you want PHP to be able to write to a folder. It's not a misconfiguration; it's just how you have to do it in that case. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.