Ideally I would be using suPHP; however, I have been forced to use DSO... How worried should I be about setting the folder's permissions to 777, and how can I improve the security of doing so?

1 Answer

I would suggest that you should worry about setting permissions to 777. I can't think of any reason (with perhaps the exception of /tmp) why you would want to.

Without providing details of what you are trying to achieve, the only suggestion I can offer on improving the security is to not set permissions to 777.

Usually even 775 is more access than is required for a web directory.

Aim for 750 with the owner being a user that isn't the web server user and the group used containing the user of the web server.

For example, if your web server is being run by user apache in the group apache and your username is jigs, then set

  • folder owner to jigs
  • folder group to apache
  • permissions to 750

As an example, it should end up looking like

drwxr-x--- 6 jigs apache 4096 2010-08-13 23:54 /var/www

Richard Holloway
  • Actually the standard permissions for /tmp should be 1777 which is a *big* difference to 0777 like you suggested. – joschi Aug 14 '10 at 05:56
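
The layout described in the answer, together with the 0777 versus 1777 distinction raised in the comment, as an added example that is not part of the original answer or comment: one function lists world-writable entries and marks sticky-bit directories separately, the other applies the owner, group and 750 mode. The function names are made up for illustration, and the 640 mode that plain files end up with is an assumption that goes beyond the answer, which only speaks of folders.

```bash
#!/bin/sh
# Added example, not from the original answer. Function names are illustrative.

# List everything under DIR that "other" can write to (mode bit 0002).
# Directories that also carry the sticky bit (1777, as on /tmp) are
# labelled STICKY; every other world-writable entry is labelled OPEN.
# Symlinks are skipped because their own mode bits are not meaningful.
find_world_writable() {
    find "$1" ! -type l -perm -0002 \( \
        -type d -perm -1000 -exec printf 'STICKY %s\n' {} \; \
        -o -exec printf 'OPEN   %s\n' {} \; \)
}

# Apply the layout from the answer: OWNER is a user that is not the web
# server user, GROUP is a group that contains the web server user.
# u=rwX,g=rX,o= yields 750 on directories. Plain files come out as 640
# (750 if they were already executable); that file mode is an assumption.
# Changing ownership to another user requires root.
harden_webroot() {
    dir=$1 owner=$2 group=$3
    chown -R "$owner:$group" "$dir" || return 1
    chmod -R u=rwX,g=rX,o= "$dir" || return 1
}

# Usage with the names from the answer:
#   find_world_writable /var/www
#   harden_webroot /var/www jigs apache
```

Running `find_world_writable` before and after `harden_webroot` shows which entries changed; the second run should print nothing.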