MyBB Community Forums

Full Version: Chmod777 to all files
Is it safe to do it?
No. In general, PHP files should be CHMOD 644 / 664 & folders CHMOD 755.

Some of MyBB's files & folders require special permissions. See related guidance.
(2017-04-08, 01:15 PM).m. Wrote: [ -> ]No. In general, PHP files should be CHMOD 644 / 664 & folders CHMOD 755.

Some of MyBB's files & folders require special permissions. See related guidance.

How do I chmod on Windows? And why is it bad if all are 777?
(2017-04-08, 01:48 PM)kaarelyb Wrote: [ -> ]
(2017-04-08, 01:15 PM).m. Wrote: [ -> ]No. In general, PHP files should be CHMOD 644 / 664 & folders CHMOD 755.

Some of MyBB's files & folders require special permissions. See related guidance.

How do I chmod on Windows? And why is it bad if all are 777?



https://technet.microsoft.com/en-us/libr...27008.aspx Here you go.

You can't chmod on Windows. You can chmod if you're using something like FileZilla to connect to your website files, though: just right-click on a file/folder and you'll see something like 'permissions'.

Here's an extract from AskUbuntu

Quote:Essentially, having permissions of 777 are not going to get you hacked on their own, but if someone gets a toehold in anywhere at all, it can be used to escalate permissions and gain complete control over your computer. The worst part is that your permissions are using "7" - that means read, write, and execute permissions.

Let's say a hacker wants to take over your computer. He might connect to your computer using a web browser, connecting to http://yourcomputer.example.com:80/ . If you have any pages available that let him upload images, he can rename an executable to end with ".jpg" and upload it to your server. Now he browses to that file in his web browser and runs it, because linux doesn't care about the extension, it only sees that it's an executable file. That may not get him much, but because it ran at all, he knows it ran as the apache user. He then uploads a modified version that will edit apache's config files, granting him even more access - let's say so that apache will output the contents of /etc/passwd. He can then use that information to see what users exist on the system. He can then connect using ssh and try common passwords to log in as those users - if that doesn't work he'll step up to using a full brute-force attack. If he gets in as a user with sudo access, then the entire system is his.

Now, you may say that's not likely, or that it's not how a real hacker would work. That is true, but the point is that by setting files to be chmod 777, you've opened a security hole that a hacker can use however he sees fit.

If you instead follow the Principle of least privilege, then that hole doesn't occur, and your system is that much harder to hack. Even though it's more difficult to do things properly, you should still make every effort to do so.
http://askubuntu.com/questions/20105/why...-chmod-777
777 means anyone can edit your files. 755 for folders and 644 for files is standard.
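
Added example, not part of the original thread: a POSIX shell sketch that lists world-writable entries under a web root and resets everything to the 755 (folders) / 644 (files) baseline given above. The function names and the exception arguments are assumptions of this example; the paths that really need special permissions should come from the MyBB guidance referred to earlier.

```shell
#!/bin/sh
# Added example: audit and normalise permissions under a web root.

# Print every file or directory under $1 that "other" may write to.
# The o+w bit (0002) is set by modes such as 777 and 666.
audit_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Reset directories under $1 to 755 and regular files to 644.
# Any further arguments are paths relative to $1 that are skipped entirely
# (hypothetical exceptions for entries that need special permissions).
# Symlinks are never touched because find does not follow them by default.
normalise_perms() {
    np_root=$1
    shift
    # Turn each exception into "-path ROOT/REL -prune -o" by rotating
    # the positional parameters; this avoids non-POSIX arrays.
    np_n=$#
    while [ "$np_n" -gt 0 ]; do
        set -- "$@" -path "$np_root/$1" -prune -o
        shift
        np_n=$((np_n - 1))
    done
    find "$np_root" "$@" -type d -exec chmod 755 {} +
    find "$np_root" "$@" -type f -exec chmod 644 {} +
}

# Stand-alone use: ./perms.sh /path/to/webroot  (audit only, changes nothing)
if [ "$#" -ge 1 ]; then
    audit_world_writable "$1"
fi
```

Run the audit first and review its output before calling `normalise_perms`, since the reset applies to everything that is not listed as an exception.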