Web Development Thread, File/folder permissions? Where to start? in Coding and Web Development; Hello,
I am looking to make my web service as secure as possible whilst allowing for the upload of data.
...
I am looking to make my web service as secure as possible whilst allowing for the upload of data.
I have installed Joomla and used 750 as the settings for the web root and applied to enclosed objects. Now i would like to allow the creation of folders and uploading of images. What permissions should the root images folder have?
I have tried 770 and 757 and both fail with errors (see pic)
Am i doing all of this wrong?
I have tried searching for correct permissions for web folders and security for this type of stuff but can't get any definitive answers.
I have tried to configure it as an FTP folder as well but it requires 777 as the permissions. Surely this results in a security risk for that folder?
Sorry for such a numpty question but i have never really fully grasped the folder permissions needed for this stuff and what implications it has on the security.
I have read what chmod does and how it works but not exactly sure on what effects giving 777 on a folder would cause although it isn't a critical file like the config.php
Last edited by HodgeHi; 6th February 2009 at 12:11 PM.
Reason: Forgot Attachment :o
777 is always a bad idea, I'd be tempted to go for 775 because you don't want to give everyone write permissions, but you do want them to be able to read and they need to be able to execute in order to open the directory.
It sounds like the problem is not permissions, it's just that you need the folder's group owner to be a group that the user also belongs to.
Might be worth checking php safe mode is off... although I doubt that it's your problem.
I imagine by now you've gone ahead with 777?
Last edited by Batman; 28th March 2009 at 07:03 PM.
I think i did go with 777. I'm not entirely sure as it was a while ago. I set up the user permissions as follows though, local user full access, web user read only and everyone no access. Not sure if i should put them here?? This allows the web users to browse the sites whilst allowing the local user access to edit and change files. I thought giving everyone user no access (since everything seems to work fine without any) should be the safest option.
LinkBack URL
About LinkBacks
