Not sure where this should go.
I'm just wondering why 777 is so bad? I'm sure lots of people have their files set as 777. If I send someone a link to one of my files set as 777 what can they actually do? Is it just that PHP scripts might be able to edit the file since they are probably classed as group/other instead of owner?
People say that 777 is bad but why?
Generally, CHMOD 777 is okay to use in most cases. It may raise a security risk if:
- The computer you used to upload the files is publicly-accessible (like a library, workstation, etc.)
And/Or
- You use an anonymous login for FTP, or publicaly-accessible logins
And/Or
- Your website is hosted on a shared server
And/Or
- You use a unix-based system
If a hacker goes to a page that is chmod 777, he may be able to launch a command that could potentially wipe out that page.
My recommendation is to use chmod 755 instead, whenever possible.
Tikitiki Wrote:or 755
Sorry, thats what I meant to type instead of "775". I changed it above. Thanks!
decswxaqz Wrote:People say that 777 is bad but why?
It's not 'people', it's MOD Security (Nothing to with Mod's)....
Most servers see 777 is a security risk, and as most programmes will access and install with 755, it's the preferred option.
The upload/Avatars DIR with MyBB for instance... While the script says 777, it also works equally well with 755.
It's basically a server thing... so one should always try 755 before CHMODing to 777.
Edit:
For example:
If you are trying to install a programme that 'tells' you to chmod to 777, and you keep getting an error messages. Then check the server LOG file, and it will probably reflect something like... "Access denied, File is open to all".
