natimage Posted January 16, 2004 Posted January 16, 2004 I saw the tutorial on how to change permissions on files and folders. I've even done it!! But, maybe someone out there has a moment to expound on the concept of permissions. For example, I changed file/folder permissions to 777 tonight...but, I have no idea what that means. What does 777 mean for security compared to a permission of 644 or any other setting? And, if I change permissions in order to do something (manage and import skins in IPB for example), can I or should I change the permissions back after the change is finished? Stuff like that would be great to know more about. Quote
DarqFlare Posted January 16, 2004 Posted January 16, 2004 I tend to agree, a tutorial like that would be invaluable. We'll get one made when we have the opportunity. Quote
natimage Posted January 16, 2004 Author Posted January 16, 2004 Thanks, Robert. In the meantime, can you answer just a quick yes or no (no explanation needed right now) as to whether or not I should change the file/folder permissions back to 644 for my IPB files/folders? I had to change them to 777 to import and apply a new skin. Quote
Lianna Posted January 16, 2004 Posted January 16, 2004 Actually, KW has a great tutorial on permissions on the Help Site: http://www.totalchoicehosting.com/help/id85.htm Quote
natimage Posted January 16, 2004 Author Posted January 16, 2004 (edited) Thanks, Lianna!! I had not found that one! However, for such a novice as myself, it still leaves some questions unanswered. Like, what are the security risks for setting 777? And why did I have to set permissions to 777 instead of , say, 775 or something like that to apply skin changes to IPB? I know, I'm a little thick-skulled sometimes. Theoretically I understand what the rwx is and the numbers and all that. It's understanding the meaning for actual application that I can't quite grasp. Does that make any sense at all? Edited January 16, 2004 by natimage Quote
DarqFlare Posted January 16, 2004 Posted January 16, 2004 Well, there it is. Heh. Wish I'd have seen that before myself. I haven't browsed much through those endless files, maybe someday I will and actually learn a thing or two... Quote
Lianna Posted January 16, 2004 Posted January 16, 2004 Tracy, Will search Google for an appropriate "examples" oriented article to help with your question of application. Have seen several in the past, just gotta find them. Quote
natimage Posted January 16, 2004 Author Posted January 16, 2004 Thanks, Lianna. I did search google and I found some helpful things. I just couldn't find one that would make that final connection in my clogged up little brain!! Quote
vangrieg Posted January 16, 2004 Posted January 16, 2004 Generally, your permissions should be as low as possible. Yes, there are security risks associated with giving guests write/execute privileges. However, many of these risks aren't all that easy to exploit and require special knowledge. The answer to your question is a complicated one. If you have a static site with just HTML pages, the best thing to do will be giving full rights to the Owner and read-only to Group and Guest. If you have scripts like a guestbook, for example, it's a different story and the answer is "it depends". In order for your script to function, it has to have write privileges to some directories and files. If you upload these files via ftp, and the attributes are set to 700, for example, the script won't be able to modify them. If the files are created by the script itself, you are all set (but there's a chance that you yourself won't be able to modify/delete those files via ftp, as the script (so-called "nobody") will be the owner. As a rule, your .htaccess files shouldn't have anything higher than 700, and all important files that contain passwords should be located in areas unavailable through www. (Anything below your public_html directory may be accessed, so put your password files one level higher). Also, don't give obvious names to files, but that's just common sense. Quote
natimage Posted January 16, 2004 Author Posted January 16, 2004 Thanks, vangrieg. I'm sure I'll understand it all much better at some point. You mentioned the most important thing...keep important information guarded!! I guess as long as I understand that 777 means "not guarded" and 444 means "the only thing anyone can do is read this", I'll do alright!! Quote
vangrieg Posted January 16, 2004 Posted January 16, 2004 I guess as long as I understand that 777 means "not guarded" and 444 means "the only thing anyone can do is read this", I'll do alright!! It's easy, as a matter of fact, just a little confusing. - The first digit shows the privileges for you, the Owner. - The second one - for Group (you may simply disregard this one and set it the same as the third one). - The third one - for Guest, that is, anybody else but you. Now, - read priviliges (it means that users can see the file) have the value of 4. - Write privileges (can create a new file or modify and existing one) - 2. - Execute (can run a script) - 1. Now let's say you have an HTML page and you want be able to modify it, but don't want anybody else to touch it, except for viewing in their browsers. What do you do? - Owner = Read + Write = 4 + 2 = 6. - Group = Guest = Read = 4. So you want 644. Another example - you have a file you want to be accessible to you only. - Owner = Read + Write = 6. - Group = Guest = nothing = 0. So you want 600. Quote
natimage Posted January 16, 2004 Author Posted January 16, 2004 Thanks again. It's slowly sinking in. I asked a question earlier that got missed. yes or no as to whether or not I should change the file/folder permissions back to 644 for my IPB files/folders? I had to change some of them to 777 to import and apply a new skin. I'm sure I'm wrong to come to the conclusion that since I've successfully imported and applied the new IPB skin that I can now change those selected permissions back to 644...but it makes sense to me that I should be able to do that. Any comments? Am I right or wrong? Quote
natimage Posted January 16, 2004 Author Posted January 16, 2004 Awesome. Thanks for all the help. I understand tons more now! Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.