GOING LIVE - how to set permissions safely?
Permalink
At the beginning of this venture, there were several folders I had to chmod as 777, if I recall correctly.
Now that installation and everything is set up, could someone please tell me which directories need permissions changed for safety on a live website? My guess is that some of these permissions have to be tightened back up to prevent the possibility of any random hacking by jerks.
Thanks!
Now that installation and everything is set up, could someone please tell me which directories need permissions changed for safety on a live website? My guess is that some of these permissions have to be tightened back up to prevent the possibility of any random hacking by jerks.
Thanks!
it really doesn't hurt to have them as 777. they still have to be an authenticated user in order to make changes. however, if you are still concerned you could change the directories (files, config, and packages) to 755. this means writable by the owner (you) and readable/executable by everyone else.
Thank you!
There are several different ways to configure apache/php that makes it difficult to "lock down" your site using a generic directory/file premission scheme. One needs a good understanding of your configuration and how *nix owner/group permissions work in order to implement the "most secure senario". There may be a good howto out there. I'll dig around and see if I can find one, or maybe even write one myself :)
LOL, I guess I'm paranoid. I thought everyone was ignoring me, but looks like 2 guys helped me out and answered a question I had about backing up.
Anyway, I did a search for permissions before I posted, but I didn't see anything about what directories to secure before going live. I know a lot of things were 777 which is "everyone can read and write! YAY!" and I don't think it's supposed to stay that way, is it?