Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

chmod 777

Options
  • 18-05-2006 11:01am
    #1
    squibs
    Closed Accounts Posts: 975 ✭✭✭


    I'm designing a site where the user can upload images. To do this I had to chmod 777 the upload directory. I'm on a shared hosting package, and don't have telnet access. I'm wondering what the security implications are, and what I can do to improve matters.


Comments

  • Options
    #2
    Serbian
    Registered Users Posts: 2,157 ✭✭✭Serbian


    chmod'ing a folder to 777 won't compromise the security of your application to the web, but it will mean that anyone on that shared machine will have read and write access to the images folder. If the shared server has set scripts to run as you (the host would need to be running Suexec I think), chmod'ing the folder to 755 should be okay. This will give others read, but not write access, while still allowing you to write to the folder.


  • Options
    #3
    squibs
    Closed Accounts Posts: 975 ✭✭✭squibs


    Thanks Serbian - I already asked the Irish hosting provider about chown-ing the directory and the can't/won't do this.


  • Options
    #4
    Serbian
    Registered Users Posts: 2,157 ✭✭✭Serbian


    squibs wrote:
    Thanks Serbian - I already asked the Irish hosting provider about chown-ing the directory and the can't/won't do this.

    You don't really have a choice then. The worst thing that could happen with chmod 777 on a directory is some rogue script could delete all the files in the folder. If that's an acceptable risk than go ahead and do it. Otherwise you could host images on a third party site like Flickr.


  • Options
    #5
    pontovic
    Closed Accounts Posts: 658 ✭✭✭pontovic


    Why not write a simple script that allows users to upload images via the web ? Make a forum on your site and write something in PHP or JSP. That way users could still upload and you wouldn't have to worry about directory permissions.


  • Options
    #6
    mneylon
    Registered Users Posts: 7,739 ✭✭✭mneylon


    Pontovic - unless I am mistaken an upload script would still need at least one directory with looser permissions

    Blog | Tweets



  • Advertisement
  • Options
    #7
    Nietzschean
    Registered Users Posts: 7,314 ✭✭✭Nietzschean


    normally if you have the outside directory chmod'd 777 then get php to create the directory for your images it will be owned by whatever user the webserver is running as and then you can chmod back to 755 the outside directory and you should be done...


  • Options
    #8
    squibs
    Closed Accounts Posts: 975 ✭✭✭squibs


    Guys - it is a php script which uploads the images. Sorry I should have said.

    Nietzschean - Pure genius! I never though of that. Problem solved. Cheers!


Advertisement