Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

chmod 777

  • 18-05-2006 10:01am
    #1
    Closed Accounts Posts: 975 ✭✭✭


    I'm designing a site where the user can upload images. To do this I had to chmod 777 the upload directory. I'm on a shared hosting package, and don't have telnet access. I'm wondering what the security implications are, and what I can do to improve matters.


Comments

  • Registered Users, Registered Users 2 Posts: 2,170 ✭✭✭Serbian


    chmod'ing a folder to 777 won't compromise the security of your application to the web, but it will mean that anyone on that shared machine will have read and write access to the images folder. If the shared server has set scripts to run as you (the host would need to be running Suexec I think), chmod'ing the folder to 755 should be okay. This will give others read, but not write access, while still allowing you to write to the folder.


  • Closed Accounts Posts: 975 ✭✭✭squibs


    Thanks Serbian - I already asked the Irish hosting provider about chown-ing the directory and the can't/won't do this.


  • Registered Users, Registered Users 2 Posts: 2,170 ✭✭✭Serbian


    squibs wrote:
    Thanks Serbian - I already asked the Irish hosting provider about chown-ing the directory and the can't/won't do this.

    You don't really have a choice then. The worst thing that could happen with chmod 777 on a directory is some rogue script could delete all the files in the folder. If that's an acceptable risk than go ahead and do it. Otherwise you could host images on a third party site like Flickr.


  • Closed Accounts Posts: 658 ✭✭✭pontovic


    Why not write a simple script that allows users to upload images via the web ? Make a forum on your site and write something in PHP or JSP. That way users could still upload and you wouldn't have to worry about directory permissions.


  • Registered Users, Registered Users 2 Posts: 7,740 ✭✭✭mneylon


    Pontovic - unless I am mistaken an upload script would still need at least one directory with looser permissions


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 7,314 ✭✭✭Nietzschean


    normally if you have the outside directory chmod'd 777 then get php to create the directory for your images it will be owned by whatever user the webserver is running as and then you can chmod back to 755 the outside directory and you should be done...


  • Closed Accounts Posts: 975 ✭✭✭squibs


    Guys - it is a php script which uploads the images. Sorry I should have said.

    Nietzschean - Pure genius! I never though of that. Problem solved. Cheers!


Advertisement