Confused about CHMOD 777 and 755

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • iadmirevb
    Senior Member
    • Feb 2009
    • 122
    • 3.8.x

    Confused about CHMOD 777 and 755

    Hello,
    I decided to go ahead and move all attachments, albums, avatar, profile pictures and my css file into the filesystem. I've read that the directories must be CHMOD 777, but i have them under 755 (the default one) and everything seems to work ok. Plus, the directory were my forum reside's (/home/XXX/public_html/forum) runs under CHMOD 755.

    On the Manual, it says "This directory must be writable by PHP, which generally means it must either be owned by the same user that your web server is running under or set to permissions 0777 or Global Read/Write on Windows Systems."

    I'm hosting with Host Gator with The 'Baby Plan', not a dedicated server.

    Why is it working for me with CHMOD 755? Should i expect some trouble in the future if i'm not running specific folders under CHMOD777?

    I'm confuse about this issue. Help...

    Thanks
  • Jake Bunce
    Senior Member
    • Dec 2000
    • 46598
    • 3.6.x

    #2
    The directories need to be writable. Usually that means 777 permissions, but it depends on the server. If it's working for you then you don't need to change anything.

    Comment

    • veenuisthebest
      Senior Member
      • Mar 2008
      • 589
      • 3.8.x

      #3
      I had the same problem as well.

      Jake sir, can you please tell what settings on some server allow directories to be written with chmod 0755? To make server more secure, i think only directories with 0777 should be writable.

      Comment

      • renep
        Senior Member
        • Aug 2005
        • 596
        • 3.8.x

        #4
        Originally posted by veenuisthebest
        what settings on some server allow directories to be written with chmod 0755?
        It depends on what user and group own the directory, the effective user and group id of the web server process and group memberships of the effective user.

        In order to avoid the complexity of user id's, groups, ownership, permissions etc. you often get the advice to 'chmod 0777' the directory to get things to work. This allows every user and process on the server write access to the directory.

        When that's not acceptable (e.g. on a shared server), you'll need to look at more complex secure setups with SUExec, chroot and such.
        "The lurking suspicion that something could be simplified is the world's richest source of rewarding challenges"
        - Edsger Dijkstra

        Comment

        • veenuisthebest
          Senior Member
          • Mar 2008
          • 589
          • 3.8.x

          #5
          thanks for the reply renep.

          Good permission for files: 0644 (rw-r--r--)
          Good permission for folders: 0755 (rwxr-xr-x)
          Is the above true?? Currently I have default chmod for folders as 0755 but as you can see it does not allow OTHERS and GROUPS to write to folders THEH WHY it is behaving like 0777.

          See, I want to know HOW TO block the world from writing to 0755 folders (which is not normal) and allow ONLY 0777 folders to be writable to the world (which is normal).

          Do you think I should care about this problem much? I find this an issue really.

          Thanks

          Comment

          • bigwater
            Senior Member
            • Jan 2007
            • 592

            #6
            The question is who is the owner of the files? If it's chowned nobody:nobody, 755 will allow write access by anybody becasue there is no owner of the file... anybody can access it. The file owner bit (the 7) will apply to anybody who accesses it. If it is chowned root:someuser or someuser:someuser, the behavior will be different. At that point one of the 5's will kick in depending on who's accessing the file, and at that point the file/directory will not be writable.
            Anybody who says "it can't be done" will usually be interrupted by somebody who is already doing it.

            Comment

            • renep
              Senior Member
              • Aug 2005
              • 596
              • 3.8.x

              #7
              Originally posted by veenuisthebest
              See, I want to know HOW TO block the world from writing to 0755 folders
              0755 alows only processes with an effective user id equal to that of the owner or 0 (root) to write to it.

              If the world can assume one of those effective user id's, for example through a web application running with the effective uid of the owner, it can write to that folder. That should be handled at the application level.
              "The lurking suspicion that something could be simplified is the world's richest source of rewarding challenges"
              - Edsger Dijkstra

              Comment

              • veenuisthebest
                Senior Member
                • Mar 2008
                • 589
                • 3.8.x

                #8
                oh okay.. this permission setup thing has always troubled me. Let me explain how my permissions are set.

                This is the directory structure:-

                /home/username/public_html

                Now,

                1. Folder username is chmod 0700 and owned by username

                2. Folder public_html is chmod 0755 and owned by username

                3. All files below public_html are chmod 0644 and owned by username

                4. All folders below public_html are chmod 0755 and owned by username

                Now, what should i do?

                Comment

                • bigwater
                  Senior Member
                  • Jan 2007
                  • 592

                  #9
                  username is going to be the primary user (owner) of that space. The second digit of your permissions structure is all that's going to matter in that case 0700, 0755, etc. 7 is read/write/execute... total permission for everything. 6 is read/write permission, all that's needed for binary attachments. Execute permissions are only needed for actual executables.

                  What you need to do is nothing. If you are storing your attachments under the public_html of the user who owns the space, and that user is the user that is "running" the web space, then you are set. You would only need to adjust the permissions if you are attempting to run the space from a user that is different than the owner of the files, and according to your description you are not doing that.
                  Anybody who says "it can't be done" will usually be interrupted by somebody who is already doing it.

                  Comment

                  • iadmirevb
                    Senior Member
                    • Feb 2009
                    • 122
                    • 3.8.x

                    #10
                    Originally posted by veenuisthebest
                    oh okay.. this permission setup thing has always troubled me. Let me explain how my permissions are set.

                    This is the directory structure:-

                    /home/username/public_html

                    Now,

                    1. Folder username is chmod 0700 and owned by username

                    2. Folder public_html is chmod 0755 and owned by username

                    3. All files below public_html are chmod 0644 and owned by username

                    4. All folders below public_html are chmod 0755 and owned by username

                    Now, what should i do?

                    mine is almost identical (i'm hosting with hostgator)

                    1. Folder username is chmod 0700 and owned by username

                    2. Folder public_html is chmod 0750 and owned by username

                    3. All files below public_html are chmod 0644 and owned by username

                    4. All folders below public_html are chmod 0755 and owned by username

                    /home/username/www is chmod 0777 and owned by username

                    Comment

                    • badheeu
                      New Member
                      • Oct 2007
                      • 22
                      • 4.2.x

                      #11
                      How do I do it in Windows server? Can someone help me.

                      Comment

                      • Wayne Luke
                        vBulletin Technical Support Lead
                        • Aug 2000
                        • 73976

                        #12
                        Originally posted by badheeu
                        How do I do it in Windows server? Can someone help me.
                        You don't... chmod is a linux permission system. In Windows you have to give the IIS Application Pool access through the standard permissions in Windows. The IIS User should have full access with modify permissions as seen on the security tab with the standard Properties dialog for a folder.




                        Translations provided by Google.

                        Wayne Luke
                        The Rabid Badger - a vBulletin Cloud demonstration site.
                        vBulletin 5 API

                        Comment

                        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                        Working...