Jump to content
Sign in to follow this  
natimage

File/folder Permissions

Recommended Posts

I saw the tutorial on how to change permissions on files and folders. I've even done it!! :goof: But, maybe someone out there has a moment to expound on the concept of permissions. For example, I changed file/folder permissions to 777 tonight...but, I have no idea what that means. What does 777 mean for security compared to a permission of 644 or any other setting?

 

And, if I change permissions in order to do something (manage and import skins in IPB for example), can I or should I change the permissions back after the change is finished?

 

Stuff like that would be great to know more about.

Share this post


Link to post
Share on other sites

I tend to agree, a tutorial like that would be invaluable.

 

We'll get one made when we have the opportunity.

Share this post


Link to post
Share on other sites

Thanks, Robert. In the meantime, can you answer just a quick yes or no (no explanation needed right now) as to whether or not I should change the file/folder permissions back to 644 for my IPB files/folders? I had to change them to 777 to import and apply a new skin.

Share this post


Link to post
Share on other sites

Thanks, Lianna!! I had not found that one! However, for such a novice as myself, it still leaves some questions unanswered. Like, what are the security risks for setting 777? And why did I have to set permissions to 777 instead of , say, 775 or something like that to apply skin changes to IPB?

 

I know, I'm a little thick-skulled sometimes. Theoretically I understand what the rwx is and the numbers and all that. It's understanding the meaning for actual application that I can't quite grasp.

 

Does that make any sense at all? :goof:

Edited by natimage

Share this post


Link to post
Share on other sites

Well, there it is. Heh. Wish I'd have seen that before myself.

 

I haven't browsed much through those endless files, maybe someday I will and actually learn a thing or two... :goof:

Share this post


Link to post
Share on other sites

Tracy,

 

Will search Google for an appropriate "examples" oriented article to help with your question of application. Have seen several in the past, just gotta find them.

Share this post


Link to post
Share on other sites

Thanks, Lianna. I did search google and I found some helpful things. I just couldn't find one that would make that final connection in my clogged up little brain!!

Share this post


Link to post
Share on other sites

Generally, your permissions should be as low as possible. Yes, there are security risks associated with giving guests write/execute privileges. However, many of these risks aren't all that easy to exploit and require special knowledge. The answer to your question is a complicated one.

If you have a static site with just HTML pages, the best thing to do will be giving full rights to the Owner and read-only to Group and Guest. If you have scripts like a guestbook, for example, it's a different story and the answer is "it depends".

 

In order for your script to function, it has to have write privileges to some directories and files. If you upload these files via ftp, and the attributes are set to 700, for example, the script won't be able to modify them. If the files are created by the script itself, you are all set (but there's a chance that you yourself won't be able to modify/delete those files via ftp, as the script (so-called "nobody") will be the owner.

 

As a rule, your .htaccess files shouldn't have anything higher than 700, and all important files that contain passwords should be located in areas unavailable through www. (Anything below your public_html directory may be accessed, so put your password files one level higher).

 

Also, don't give obvious names to files, but that's just common sense.

Share this post


Link to post
Share on other sites

Thanks, vangrieg.

 

I'm sure I'll understand it all much better at some point. You mentioned the most important thing...keep important information guarded!! I guess as long as I understand that 777 means "not guarded" and 444 means "the only thing anyone can do is read this", I'll do alright!!

Share this post


Link to post
Share on other sites
I guess as long as I understand that 777 means "not guarded" and 444 means "the only thing anyone can do is read this", I'll do alright!!

It's easy, as a matter of fact, just a little confusing.

 

- The first digit shows the privileges for you, the Owner.

- The second one - for Group (you may simply disregard this one and set it the same as the third one).

- The third one - for Guest, that is, anybody else but you.

 

Now,

- read priviliges (it means that users can see the file) have the value of 4.

- Write privileges (can create a new file or modify and existing one) - 2.

- Execute (can run a script) - 1.

 

Now let's say you have an HTML page and you want be able to modify it, but don't want anybody else to touch it, except for viewing in their browsers. What do you do?

 

- Owner = Read + Write = 4 + 2 = 6.

- Group = Guest = Read = 4.

So you want 644.

 

Another example - you have a file you want to be accessible to you only.

 

- Owner = Read + Write = 6.

- Group = Guest = nothing = 0.

 

So you want 600.

Share this post


Link to post
Share on other sites

Thanks again. It's slowly sinking in. I asked a question earlier that got missed.

yes or no  as to whether or not I should change the file/folder permissions back to 644 for my IPB files/folders? I had to change some of them to 777 to import and apply a new skin.

 

I'm sure I'm wrong to come to the conclusion that since I've successfully imported and applied the new IPB skin that I can now change those selected permissions back to 644...but it makes sense to me that I should be able to do that.

 

Any comments? Am I right or wrong?

Share this post


Link to post
Share on other sites

Awesome. Thanks for all the help. I understand tons more now!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×