Thread: LAMP File Permissions

  1. #1
    Andy101

    LAMP File Permissions

    Hi folks

    Even though I've been building sites and writing scripts for a few years now, I still don't fully understand file permissions.

    I had a quick search on these forums and didn't find any topics on this subject so here goes ...

    One of the best tutorials I have found is here:

    Understanding Permissions

    But what I still don't get is what it means to allow write access or execution access for "world" users.

    Like how would anyone write to a file on your server that supposedly allows them to?

    And I think that the "world execution" permission is needed where somebody browses your site and a script writes to a file to say record their IP.

    I use Host Gator where it seems to be safe even to set a file permission to 777. So how would some external person exploit this?

    So hopefully some of you Linux pros can clarify this a bit, so me and others finally get it?

  2. #2
    anantshri

    See, understand it this way.

    Web pages reside on your web server.

    Web server software (Apache for PHP, Tomcat for JSP or IIS for ASP, just as examples) is used to access these files.

    Now the server software needs read access to these files in order to be able to serve them.

    Whereas, let's say we are running a WordPress blog and we want rights to edit theme files from the WordPress admin, then we need to give the web server software write permissions.

    In any case, no one talks about giving other users or world users write or read permission.

    Now comes the tricky part.

    Some web server software is considered the owner or a group member of the files, but in some cases it's not like that.

    When the web server software is the owner or a group member, then we don't need to give world users any permission. But hosts like GoDaddy do require giving world users write access, as the web server software by itself doesn't own the file.

    I know it's a bit confusing all the time.

    Feel free to contact me if you need help on this.

  3. #3
    Andy101

    Hi anantshri

    Thanks for your response, but I still don't get it, and I think other forum visitors will want to be clear on this issue too.

    E.g. why do people keep saying it is a huge security risk to have 777 permissions for example with a clear explanation of how this is a problem.

    P.S. I am thinking of providing a 777 permissions file for you guys to try and hack into.
    Last edited by Andy101; 14 May, 2010 at 16:48 PM.

  4. #4
    anantshri

  5. #5
    xxtoni

    One important point here is, if a hacker really wants to get in, and it's a real hacker, not a script kiddie, then these sorts of things won't stop him. It would serve you best to have your server set up correctly (well, this mostly depends on your host if you are on shared hosting, so you can't really do much about this) and have a strong FTP/admin password for your forum or whatever script you use...

  6. #6
    Andy101

    I get it now. The permissions apply to interactions within the server for the various groups of users listed in the server records such as root, admin groups, and hosting customers.

    And a good host should have taken steps to prevent hosting users on a shared host from accessing each other's hosted files.
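
Added example, not part of any post in this thread: a Python sketch of how Linux applies exactly one of the owner/group/other triplets to a process, which is why a 777 file is writable by every other local account on a shared host, plus a scan for world-writable entries under a directory. The account ids (1001, 1002, 33) are constructed for illustration.

```python
import os
import stat

WRITE_BIT = {"owner": stat.S_IWUSR, "group": stat.S_IWGRP, "other": stat.S_IWOTH}

def permission_class(file_uid, file_gid, proc_uid, proc_gids):
    """Which triplet the kernel checks: exactly one of owner/group/other."""
    if proc_uid == file_uid:
        return "owner"
    if file_gid in proc_gids:
        return "group"
    return "other"

def can_write(mode, file_uid, file_gid, proc_uid, proc_gids):
    """True if a local process with this identity may write to the file."""
    if proc_uid == 0:  # root bypasses the mode bits
        return True
    cls = permission_class(file_uid, file_gid, proc_uid, proc_gids)
    return bool(mode & WRITE_BIT[cls])

def world_writable(root):
    """Return (path, octal mode) for each world-writable entry under root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):  # on Linux symlink modes read as 0777; skip
                continue
            if st.st_mode & stat.S_IWOTH:
                hits.append((path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(hits)

# Constructed accounts on a shared host (ids are made up for this example):
# ALICE owns the site files, BOB is another customer, WWW is the web server user.
ALICE, BOB, WWW = 1001, 1002, 33

if __name__ == "__main__":
    for mode in (0o777, 0o664, 0o644):
        print(oct(mode),
              "| other customer writes:", can_write(mode, ALICE, ALICE, BOB, {BOB}),
              "| web server (outside group) writes:", can_write(mode, ALICE, ALICE, WWW, {WWW}),
              "| web server (in file's group) writes:", can_write(mode, ALICE, WWW, WWW, {WWW}))
```

With the web server in the file's group, 664 gives it write access without opening the file to other accounts; "world" here means other local users on the server, not remote visitors.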
