Ravens PHP Scripts: Forums
 

 

izone
Posted: Wed Jul 12, 2006 7:08 am

Hi,

In some modules like Link-to-us and (if I remember well) Nsn-Download you have to change permission for some catalogs to 777.

My question is, by doing this don't we make it easier for a hacker to upload files to these catalogs and run them there?

This guy says no!

What is your answer? (I'm just worried about this issue because we got hacked recently).

Appreciate your answers.
 
montego (Site Admin)
Posted: Wed Jul 12, 2006 7:24 am

Well, that is somewhat of a loaded question, or really a loaded answer. I agree with most of what has been said in the referenced thread, but unfortunately, there is just too much there to try and comment on.

The bottom line really is that if you can avoid using it, I would avoid it. If you must be able to upload files to a directory OR in some cases have to allow a PHP script to create a new file in a directory, you may be forced to use 777. I would start with 770 or lower first and work your way up until your script works. I would also recommend only doing this in low-level directories and non-recursively (i.e., limit it only to the one directory that is required).

Sorry that I could not comment further.

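The advice in the reply above (use the lowest mode that works, on one directory only, never recursively) can be checked and applied from a shell. The script below is an added example, not code from the thread or from any of the modules mentioned; the function names, the tag words and the 750/770/775/777 ladder are assumptions, and the check command is whatever the caller supplies to exercise the real upload.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumes find(1) with -maxdepth and -perm.

# List every directory under $1 that is writable by "other" (777, 773, ...),
# tagged by how much attention it needs.
audit_writable_dirs() {
    local root="$1" dir parent
    find "$root" -type d -perm -0002 -print | LC_ALL=C sort |
    while IFS= read -r dir; do
        parent=$(dirname "$dir")
        if [ "$dir" != "$root" ] &&
           [ -n "$(find "$parent" -maxdepth 0 -perm -0002)" ]; then
            echo "NESTED $dir"      # parent is world-writable too: looks like chmod -R
        elif [ -n "$(find "$dir" -maxdepth 1 -type f -name '*.php' | head -n 1)" ]; then
            echo "SCRIPTS $dir"     # writable directory that also holds PHP files
        else
            echo "WRITABLE $dir"    # writable, no scripts, not nested
        fi
    done
}

# Raise the mode of ONE directory (never recursive) step by step and stop at
# the first mode under which the caller's check command succeeds.
# Usage: lowest_working_mode DIR CHECK_CMD [ARGS...]
lowest_working_mode() {
    local dir="$1" mode
    shift
    for mode in 750 770 775 777; do   # candidate ladder is an assumption
        chmod "$mode" "$dir"
        if "$@"; then
            echo "$mode"
            return 0
        fi
    done
    chmod 750 "$dir"                  # nothing worked: do not leave 777 behind
    return 1
}

# Run as: ./audit.sh /path/to/webroot
if [ -n "${1:-}" ]; then
    audit_writable_dirs "$1"
fi
```

Directories reported as NESTED or SCRIPTS are the ones to tighten first, since they go beyond the single upload directory the reply recommends.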
All times are GMT - 6 Hours
 