Secure file permissions

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • MicroSun
    Junior Member
    • Mar 2008
    • 3

    Secure file permissions

    Hello,

    As I see the default file permissions in the public_html folder are 755 for dirs and 644 for files.
    Let's suppose a normal dynamic website with php scripts, static htmls, images, css, javascripts. No scripts allowed to write or modify anything except cache folder, and log files.

    In this case does it make sense to make the permissions more secure?

    The goal would be to prevent any third party to install dangerous code on the actual account.

    What do you think?
  • AndrewT
    Administrator
    • Mar 2004
    • 3653

    #2
    Realistically, there wouldn't be much to gain by changing the permissions and in many cases you'll find that things just won't work. Most likely attack avenues would be through an insecure (out dated) script on the domain being exploited. Keeping these patched is the best defense.

    Comment

    • ZYV
      Senior Member
      • Sep 2005
      • 315

      #3
      The scripts are run as your user, so even if you change the permissions on some items to more restrictive (i.e. 444), there is no way you can prevent your scripts from writing because all it takes is to chmod it back to a writable state. The scripts are chrooted though, so other people won't be able to access your /home.

      This is about as much security as you can get in a shared environment. Just keep your stuff up to date and everything will be fine.

      Comment

      Working...