Thread: Secure file permissions

  1. #1
    Junior Member
    Join Date
    Mar 2008
    Posts
    3

    Secure file permissions

    Hello,

    As I see, the default file permissions in the public_html folder are 755 for dirs and 644 for files.
    Let's suppose a normal dynamic website with php scripts, static htmls, images, css, javascripts. No scripts allowed to write or modify anything except cache folder, and log files.

    In this case does it make sense to make the permissions more secure?

    The goal would be to prevent any third party from installing dangerous code on the actual account.

    What do you think?

  2. #2
    Administrator AndrewT's Avatar
    Join Date
    Mar 2004
    Location
    Tulsa, OK
    Posts
    3,634

    Realistically, there wouldn't be much to gain by changing the permissions and in many cases you'll find that things just won't work. Most likely attack avenues would be through an insecure (outdated) script on the domain being exploited. Keeping these patched is the best defense.

  3. #3
    Senior Member
    Join Date
    Sep 2005
    Location
    Russia, Nizhny Novgorod
    Posts
    315

    The scripts are run as your user, so even if you change the permissions on some items to more restrictive (i.e. 444), there is no way you can prevent your scripts from writing because all it takes is to chmod it back to a writable state. The scripts are chrooted though, so other people won't be able to access your /home.

    This is about as much security as you can get in a shared environment. Just keep your stuff up to date and everything will be fine.
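
Added example, not part of the thread or the host's own tooling: a shell sketch of the point made in reply #3, that mode bits set by the owner do not constrain code running as the owner, alongside a check for what 755/644 does guard against (group- or world-writable entries). The function names are hypothetical and the scratch directory is constructed; when run as root the first write also succeeds, because root bypasses the permission check.

```shell
#!/bin/sh
# Added illustration (not from the thread). All function names are hypothetical.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Append one line as the current user; prints "ok" or "denied".
try_write() {
    if { echo "appended" >> "$1"; } 2>/dev/null; then echo ok; else echo denied; fi
}

# Lock a file to 444, try to write, then do what any script running as the
# file's owner can do: chmod it back to 644 and write again.
# Prints "<locked mode> <write> <restored mode> <write>".
owner_round_trip() (
    f=$1
    chmod 444 "$f"; locked=$(mode_of "$f"); first=$(try_write "$f")
    chmod 644 "$f"; restored=$(mode_of "$f"); second=$(try_write "$f")
    echo "$locked $first $restored $second"
)

# What 755/644 does guard against: entries writable by group or other.
# Lists every non-symlink under a directory that is looser than that.
loose_entries() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
}

# Demo on a constructed scratch tree, not a real public_html.
demo_dir=$(mktemp -d)
echo '<?php /* constructed sample */' > "$demo_dir/index.php"
mkdir "$demo_dir/cache" && chmod 777 "$demo_dir/cache"
owner_round_trip "$demo_dir/index.php"   # non-root: 444 denied 644 ok
loose_entries "$demo_dir"                # prints only .../cache
rm -rf "$demo_dir"
```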
