Unix permissions assignments: owner, group, others

755 = owner:7, group:5, others:5

In octal, 7 is full permission for anything (file/directory): read + write + execute.

An example: If some file (e.g. index.php) is assigned to webservice:users (owner user "webservice", group "users") and has 755 permissions, it means that any action called from a process running as the "webservice" account can do anything to that file, members of group "users" can only read & execute, and others can also read & execute.

For the same case in a directory (permissions 755), the concrete consequence is that the owner ("webservice") can CREATE files in it and give them the desired permissions.

How can a web visitor make use of the "webservice" account? If your HTTP server software runs as "webservice", then any .php script runs with the same account permissions. If you have a .php script that allows a visitor to upload or create other PHP files, you leave the door open for a bad guy to create his own pages/scripts with access to the server's filesystem (only restricted by the open_basedir directive).

On 16/08/17 at 18:43, Tedd Sperling wrote:
>
>> On Aug 16, 2017, at 12:10 PM, Adam Jon Richardson <adamjonr@xxxxxxxxx> wrote:
>>
>> 755 is typical for directories, but 644 for files.
>>
>> -snip-
>>
>> Adam
>
> Adam:
>
> If you set a file to 755, then how does a bad guy do bad things with it?
>
> Certainly, with 755 the owner can do anything he wants (read, write, execute), but the “group” and “everyone else” can only read and execute (5) the file — there is no “write” to the file. Without a “write”, then how can a bad guy change/upload a file?
>
> There is something here I am not understanding. Please explain.
>
> Cheers,
>
> tedd
>
> _______________
> tedd sperling
> tedd@xxxxxxxxxxxx

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
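An added example, not part of the original message: a Python audit sketch of the rule described in the reply above, which picks the single permission class (owner, else group, else others) that applies to a given account and lists what that account could overwrite or create files in under a web root. The function names (`effective_bits`, `writable_by`, `build_sample`) and the sample tree are constructed for illustration; uid 0 and ACLs are not modelled.

```python
import os
import stat
import tempfile

def effective_bits(mode, owner_uid, owner_gid, proc_uid, proc_gids):
    """rwx bits (0-7) the kernel applies: exactly one class is used,
    owner, else group, else others. uid 0 and ACLs are not modelled."""
    perms = stat.S_IMODE(mode)
    if proc_uid == owner_uid:
        return (perms >> 6) & 7
    if owner_gid in proc_gids:
        return (perms >> 3) & 7
    return perms & 7

def rwx(bits):
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

def writable_by(root, proc_uid, proc_gids):
    """Paths under root that the identity can overwrite (files) or create
    entries in (directories, which need write AND execute)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # skip symlinks; their own mode bits are not used for access
            is_dir = stat.S_ISDIR(st.st_mode)
            bits = effective_bits(st.st_mode, st.st_uid, st.st_gid, proc_uid, proc_gids)
            need = 3 if is_dir else 2
            if bits & need == need:
                findings.append((os.path.relpath(path, root), "dir" if is_dir else "file", rwx(bits)))
    return sorted(findings)

def build_sample(root):
    """Constructed web root: everything 755 except a read-only config."""
    os.mkdir(os.path.join(root, "uploads"))
    for name, mode in (("index.php", 0o755), ("config.php", 0o444)):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("<?php\n")
        os.chmod(os.path.join(root, name), mode)
    os.chmod(os.path.join(root, "uploads"), 0o755)
    os.chmod(root, 0o755)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        me = os.getuid()
        print("as owner :", writable_by(root, me, set()))
        print("as other :", writable_by(root, me + 1, set()))
```

Run against a real document root with the uid and group ids of the HTTP server account; every path it reports is one a PHP script running under that account could modify or populate.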