We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Get started
Google+

Permission 777 | Forum

Topic location: Forum home » Support » General Questions
OW-Ghost
OW-Ghost Apr 4 '17
Hello folks!


Why do we need have not secure 777 file permissions on our servers?



- Here is list of folders in public_html folder that must have 777 permissions recursively (all files and folders inside this folders): 

ow_static
ow_userfiles
ow_pluginfiles
ow_smarty/template_c



Is there any fix for this?


I talk with many host now and they say this is very very unsafe to use 777 permission on you files and folders so why do oxwall ignore this and want it to have like this for many years?


it is same with mod_security why recommend have that off 2017 ? php7 will bee much better and safer for us but with all this 777 and mod_security off settings you will bee very open for easy hack you site, like a open book with 777 on mod_security off?


Agree or not agree but i feel this is very BAD and not belongs to 2017 ,all host say script today not use such file permissions


And it is funny because it is just the files and folders where you have all you members photos and avatars saved. 


What is the goal to not fix this for many years?


this is not safe for me and not safe for my members and 100% you can do soemthing about ti if you really want not tell me it is not possible to fix have you files and folders open for entire world 24/7 ?



The Forum post is edited by OW-Ghost Apr 4 '17
#1
Scam Detector
Scam Detector Apr 4 '17
You can have 755 (READ + WRITE), with that the problem is fixed and still works.


777 means READ + WRITE + EJECUTE


If you don't have READ + WRITE, the user and the admin is unable to upload and see pictures and files.

#2
OW-Ghost
OW-Ghost Apr 4 '17
Okey so 755 is enough. Thank you so much for that info. why many here told i need have 777 ? hmmm anyways thanks i will test 755 much better and safer!
#3
Bruce Tran
Bruce Tran Apr 5 '17
Scam Detector, how to do you set it to 755? Thanks in advanced.
#4
Oxwall Türkiye
Oxwall Türkiye May 4 '17

The reason for this setting is social networking.

It should be 777 because it is more flexible for data exchange.

This seems to be a problem yes, but the system is updated with an automatic 755 recording.

Changing this situation causes some instability.


Oxwall strictly a structure that strictly undercuts the structure absolutely fixes itself.

Other systems take these methods into consideration, but there is no system as powerful as OXWall.

#5
OW-Ghost
OW-Ghost May 5 '17
oxwall should work like all other scripts they get you to make a static folder on your server thats not in public directory and have mod_security ON like other scripts.


I feel this is not a safe way to build a software 2017.


Many hackers scan for websites with 777 permissions and it is perfect for a hacker if we have this permissions in the public folders. oxwall a hackers dream no doubt with this 2 things allowed and no care to change in 10 years

The Forum post is edited by OW-Ghost May 5 '17
#6
Start | Demo | About | Policies & Licenses | Blog | Contact Us | Oxwall Foundation | Roadmap | Developer Central | Oxwall hosting | Contribute | Partners | Donation | Community software | Dating software
© Copyright Oxwall Software
Oxwall Community Software