CHMOD 777 Arguement

[taha116]

Alright, so say I tell you that to have attachments work properly, your attachment folder needs to be 777. The first thing people ask me is...

- Isn't this a security risk?
The short answer is: no, not really... it isn't. Keep reading for the long answer.

- So, what, you're saying EVERYTHING should be 777?!?
Not hardly. Just some things in the forum's directory. Not, of course, that you should do so with the entire directory - but it won't matter much if you do, so long as your server is configured reasonably correctly.

- But... wait a minute. The three numbers stand for "Owner," "Group," and "Everyone." Doesn't that mean anyone can write to the files if I make it 777? (writable by all!?)
Well, technically, yes. But, the person first has to get into your server and be able to touch the file in the first place. They also have to have access to the directory the file is in, and the directory that file is in. At some point, you should have a directory (probably your username) which isn't 777.

- Isn't it safer, at least, not to use 777? What if a hacker got in?!
If a hacker gets in and wants to cause you trouble.... there is nothing you can do. You can have the file permissions as strict as you want, but the database will be wide open. So, yeah... you can protect the files that don't change from being deleted, but not your posts.
Which is more important? The files you can download again from here or the data you cannot get back?

- Isn't it unlikely a hacker would get into my server so much they could delete posts?
Not that unlikely, but no more or less likely than if they could use 777 to their advantage. Think of the database as ALWAYS 777.

- Doesn't MySQL have permissions? Can't I make it so they can't delete?
The forum won't work if you do that. It needs to be able to delete. If it can delete, so can the hacker. Dillema, huh?

- I believe you, but my host doesn't. They don't want me to make everything 777, they say it's not safe.
So have them read this. If they can't refute it, prove it wrong, or at least even challenge it then I guess they have to let you do 777 http://www.simplemachines.org/commun...imple/grin.gif.

- Even if 777 isn't a problem, why should I bother?
Because it makes things, like for example the package manager and attachments, work better.

Any other questions? (so far I made all these up, sorry if they aren't realistic http://www.simplemachines.org/commun...ple/tongue.gif.) Feel free to ask and I'll answer away. I challenge you to prove me wrong.... show me that somehow 777 is all that bad.


From: http://www.simplemachines.org/commun...p?topic=2987.0
By: [Unknown]

This guy has over 34 500 posts on the official SMF site and i would probably trust him with my Site FTP information if it came to it and my credit card information and my life... lol You get the picture. hes not stupid and he is not lieing. Please enable chmodding to 777 this should be more than enough.

I want to sgin up but am hesitant because of the 777 issue

[taha116]

The problem is that a lot of servers are not configured properly. But, I'll add to it that you should, by all means, have your public_html folder set to 770 or less. But subdirectories and files can be 777...

-[Unknown]

Additional Information (Since i cant edit)

[GvilleRick]

I have many scripts that once had to have 777 permissions on certain folders/files when those scripts had to run as the user nobody. I have changed all of those scripts to use 755 instead since I moved to suPHP and all have worked fine.

HG servers all use suPHP and will not allow 777 permissions or you will get a 500 error. Unless the script specifically checks permissions and stops if they are not 777 they should work fine with permissions set as 755 since they run under your username and not as nobody.

[taha116]

I understand that but its still recommended for allot of scripts. Like u said some check for 777 only. I will have to ask though... what is suPhp

[striddy]

Quote:

Originally Posted by taha116

Please enable chmodding to 777

Not going to happen.

Quote:

Originally Posted by taha116

I will have to ask though... what is suPhp

Let me Google that for you

[GvilleRick]

Quote:

Originally Posted by taha116

I understand that but its still recommended for allot of scripts. Like u said some check for 777 only. I will have to ask though... what is suPhp

It may be recommended but is generally not necessary. I have not seen a script in quite some time that checks to see if the permissions are set to 777. Rather, thee script should simply check if the file is writable. It willl be with suPHP if the permissions are set to 755. If you let us know the script you want to use it could be someone here has used it and can verify that it runs. As Striddy said it is not likely that HG will change the policy. The only way to get this option would be to get a dedicated server.

[taha116]

@ GvilleRick K Thanks for the information.

@ striddy I am starting to dislike you very much... But that google thing was kewl!

[kmaw]

I'm with striddy... so is HG's management team so it would seem.

[striddy]

Quote:

Originally Posted by taha116

@ striddy I am starting to dislike you very much..

And why is that?

Is it because I didn't reply with the answer you wanted to hear, or because I didn't sugar coat things.

My post directly answered your question. No more, no less.

[taha116]

Well that was sorta a joke, but you shall i put it, use a very instigating method of communication if you know what i mean.

Oh wait before you ask let me google instigate for you

See what i mean no one likes being treated like that, if you want me to google it then say google it don't try to make people feel stupid when they ask you for help. yeah i know im talking to much, sorry

[citawds]

Quote:

Originally Posted by taha116

Well that was sorta a joke, but you shall i put it, use a very instigating method of communication if you know what i mean.

Oh wait before you ask let me google instigate for you

See what i mean no one likes being treated like that, if you want me to google it then say google it don't try to make people feel stupid when they ask you for help. yeah i know im talking to much, sorry

Where do you see that David or anyone else is instigating anything here? You asked a question and it was answered, seem to me you are the one looking to instigate a problem that doesn't exist, people are trying to help you here.
Thanks

Steve

[taha116]

I dont want to start a fight or piss anyone of so im not gona talk about it anymore and i dont think striddy wants to waste any time on it either. I thought it was obvious that i dont want to bother anyone but apparently. not.