> Date: Wednesday, August 16, 2017 12:43:50 -0400 > From: Tedd Sperling <tedd@xxxxxxxxxxxx> > >> On Aug 16, 2017, at 12:10 PM, Adam Jon Richardson >> <adamjonr@xxxxxxxxx> wrote: >> >> 755 is typical for directories, but 644 for files. >> > > Adam: > > If you set a file to 755, then how does bad guy do bad things with > it? > > Certainly, with 755 the owner can do anything he wants (read, > write, execute), but the “group” and “everyone else” can > only read and execute (5) the file — there is no “write” to > the file. Without a “write”, then how can a bad guy > change/upload a file? > > There is something here I am not understanding. Please explain. > > Cheers, > > tedd The question is not just permissions, but also ownerships. If the directories/files are owned by the user that the web server runs as (a disturbingly frequent recommendation) then all bets are off. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
