LAMP File Permissions
Even though I've been building sites and writing scripts for a few years now, I still don't fully understand file permissions.
I had a quick search on these forums and didn't find any topics on this subject so here goes ...
One of the best tutorials I have found is here:
But what I still don't get is what it means to allow write access or execution access for "world" users.
Like how would anyone write to a file on your server that supposedly allows them to?
And I think that the "world execution" permission is needed where somebody browses your site and a script writes to a file to say record their IP.
I use Host Gator where it seems to be safe even to set a file permission to 777. So how would some external person exploit this?
So hopefully some of you Linux pros can clarify this a bit, so me and others finally get it?
See, understand it this way.
Webpages reside on your webserver.
Webserver software (Apache for PHP, Tomcat for JSP, or IIS for ASP, just as examples) is used to access these files.
Now the server software needs read access to these files in order to be able to serve them.
Whereas, let's say we are running a WordPress blog and we want rights to edit theme files from the WordPress admin; then we need to give the webserver software write permissions.
In any case, no one talks about giving other users or world users write or read permission.
Now comes the tricky part.
Some webserver software is considered the owner or a group member of the files, but in some cases it's not like that.
When the webserver software is the owner or a group member, then we don't need to give world users any permission. But hosts like GoDaddy do require giving world users write access, as the webserver software by itself doesn't own the file.
I know it's a bit confusing all the time.
Feel free to contact me if you need help on this.
Thanks for your response, but I still don't get it and I think other forum visitors will want to be clear on this issue too.
E.g. why do people keep saying it is a huge security risk to have 777 permissions for example with a clear explanation of how this is a problem.
P.S. I am thinking of providing a 777 permissions file for you guys to try and hack into.
One important point here is, if a hacker really wants to get in, and it's a real hacker, not a script kiddie, then these sorts of things won't stop him. It would serve you best to have your server set up correctly (well, this mostly depends on your host if you are on shared hosting, so you can't really do much about this) and have a strong FTP/admin password for your forum or whatever script you use...
I get it now. The permissions apply to interactions within the server for the various groups of users listed in the server records such as root, admin groups, and hosting customers.
And a good host should have taken steps to prevent hosting users on a shared host from accessing each other's hosted files.
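The conclusion the thread reaches, as an added example that is not part of any post: the kernel applies exactly one of the owner/group/other triplets to each local account, so "world" bits only matter to other accounts on the same server, and a site owner can audit a web root for them. The function names and the uids (1001 for the site owner, 33 for the web server, 1002 for another hosting customer) are assumptions, and the sample tree is constructed.

```python
import os
import stat
import tempfile

def access_for(mode, file_uid, file_gid, uid, gids):
    """Classic Unix check: exactly one of the owner/group/other triplets applies."""
    if uid == 0:  # root bypasses read/write checks
        return "rw" + ("x" if mode & 0o111 else "-")
    if uid == file_uid:
        bits = (mode >> 6) & 7      # owner triplet
    elif file_gid in gids:
        bits = (mode >> 3) & 7      # group triplet
    else:
        bits = mode & 7             # "world" / other triplet
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

def world_writable(root):
    """Return sorted relative paths under root that any local account may modify."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful
            if st.st_mode & stat.S_IWOTH:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def build_sample_tree():
    """Constructed sample web root: one 777 script, one 644 page, one 775 directory."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for name, mode in (("index.php", 0o644), ("counter.php", 0o777)):
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, mode)
    os.mkdir(os.path.join(root, "uploads"))
    os.chmod(os.path.join(root, "uploads"), 0o775)
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    print("world-writable:", world_writable(root))
    # Hypothetical accounts: site owner 1001, web server 33, another customer 1002
    for label, uid in (("owner", 1001), ("webserver", 33), ("neighbour", 1002)):
        print(label, "777:", access_for(0o777, 1001, 1001, uid, {uid}),
              "644:", access_for(0o644, 1001, 1001, uid, {uid}))
```

Run against a real document root, `world_writable` lists the files another local account could change if the host does not isolate customers from each other.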