Re: File Permissions?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> Date: Wednesday, August 16, 2017 12:43:50 -0400
> From: Tedd Sperling <tedd@xxxxxxxxxxxx>
> 
>> On Aug 16, 2017, at 12:10 PM, Adam Jon Richardson
>> <adamjonr@xxxxxxxxx> wrote:
>> 
>> 755 is typical for directories, but 644 for files.
>> 
> 
> Adam:
> 
> If you set a file to 755, then how does bad guy do bad things with
> it?
> 
> Certainly, with 755 the owner can do anything he wants (read,
> write, execute), but the “group” and “everyone else” can
> only read and execute (5) the file — there is no “write” to
> the file. Without a “write”, then how can a bad guy
> change/upload a file?
> 
> There is something here I am not understanding. Please explain.
> 
> Cheers,
> 
> tedd

The question is not just permissions, but also ownerships. If the
directories/files are owned by the user that the web server runs as
(a disturbingly frequent recommendation) then all bets are off.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux