Announcement

Collapse
No announcement yet.

File permissions after installation

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cybershaolin
    replied
    Hmmm I tried using the 755 chmod for my files and when you try to post a file in the forum it does not work, i has to be 777.

    I have this under forum: forum/files where I store all the files (not in the database).

    Like I say, the only way for me to be able to make this work is 777.

    This is not safe no?

    Leave a comment:


  • MRGTB
    replied
    I've used many different forum packages though, phpbb, invision, nuke, mybb and the list goes on. The good thing about vbulletin is at least you are not required to have any folders as 777 or 666, in most cases 755 will do. Unless you use features like being able to upload smilies from the admin cp to the server. Which you don't have to use. Just FTP them instead then add them to avoid using 777 on directories. That's what I like about vBulletin. CHMod wise it's the best of the bunch, and when you download your board for backup. After retoring there is no need to go through the hassle of then having to chmod files etc before you can run it, plus the default chmod values makes vbulltin the most secure board I've ever used personally.

    Leave a comment:


  • Zachery
    replied
    And? 99% of the time apache is running as nobody in most enviroments, so if everyone can't read your config files its going to be a problem.

    To be honest, this problem exsists within every software, and has since vB1. It has never been a cirtial issue as it requires direct access to the server in some way.

    Leave a comment:


  • flynnibus
    replied
    Originally posted by Zachery
    Sounds like a server config issue, my config file by default is 644.
    Ok, but 644 is still world readable!

    4 = read

    Meaning.. anyone on the shell box can read your passwords.. not very secure

    Leave a comment:


  • Zachery
    replied
    Sounds like a server config issue, my config file by default is 644.

    Leave a comment:


  • flynnibus
    replied
    its not 644 by default.. its actually 755 which is a problem for users on the webserver itself.

    read-exec by all, rwx by owner.

    Here is the config.php file as from the upload directory. This is from the zip file, extracted on the linux machine itself using 'unzip'. Of course the file is renamed from .new

    [[email protected] includes]$ ls -l config.php
    -rwxr-xr-x 1 skapinos skapinos 4915 Aug 22 22:04 config.php

    That means anyone on the server could read the file.. including the passwords.

    Leave a comment:


  • MRGTB
    replied
    Do not set permissions on your config to 666 or 777 like other boards require. vBulletin requires no changes after uploading the config file (because you make all the changes needed in it before you upload it). Just leave it as 644 permission which like Steve said above is "world readable" by default after you've upload it.

    Leave a comment:


  • Steve Machol
    replied
    Generally you do not have to change file permissions. The config.php file must be world-readable otherwise your forums won't work.

    Leave a comment:


  • flynnibus
    started a topic File permissions after installation

    File permissions after installation

    Should you have to modify file permissions post installation to protect sensative files such as config.php?

    After extracting.. everything is 755.. including includes/config.php which includes sensative information like the db user/pass

    I'm not a php guy.. but having the config file readable by all doesn't seem right to me.

    File permissions are not covered at all in the installation instructions.

Related Topics

Collapse

Working...
X