Permissions

General discussions about WebYep
petemac
Posts: 2
Joined: Mon Oct 12, 2009 11:34 pm

Permissions

Post by petemac » Mon Oct 12, 2009 11:41 pm

Hello

I have received the email copied below from my hosting company, Easyspace, about permissions and security. I have had this message once before and did change the permissions on the world and group but found that none of the images were visible on the site anymore. So I reset them and have just had the warning again. Does anyone have suggestions for what permissions I should set that will allow the site to still run, please?

Cheers


please treat this matter as a priority. If you
have no web development experience yourself, we
recommend that you contact the agency that built
your website. They or another web developer will
be able to make these changes for you and test
your site for resilience.

Domain Name: *******************

As part of your service, Easyspace regularly scans
our webservers for potential threats and security
concerns. Unfortunately in our most recent scan,
we have identified some files and folders which
have permissions set which could pose a security
risk to your website, including but not limited to
site defacement.

It could be that things have been set this way on
purpose, quite often software vendors require that
777 or 775 permissions are set up on particular
folders in order for the software install to
function correctly. Examples of software which
require this are: Actinic shops; CMS like Xoops,
Mambo / Joomla and Wordpress; file upload scripts;
message boards like phpBB and guest books.

We have recently implemented security changes
which now mean that all scripts, CGI, PHP etc.
hosted on these systems no longer need these
additional permissions. All of your scripts should
run just fine with the default permissions when
you upload them.

When files are uploaded to the webspace via an ftp
client, the permissions will no longer need to be
changed from the default 644 for your applications
to work. Further to this however, sometimes the
application may create a session cookie with 777
or 775 permissions, we would ask that you either
alter the application code to prevent the files
being created with these permissions or move the
content out of the web accessible space. You may
wish to contact your web developer or application
provider for help with this.

We have identified the following files / folders
within your webspace which are set to World and
Group-Writeable and would ask that you update the
permissions on these files appropriately:

/www/webyep-system/data

Usually you can recursively change the permissions
on a folder via your ftp client, this will allow
the files within the folder to inherit the folder
permissions preventing you from having to manually
alter the permissions for every individual file.

Please treat this matter as a priority. If you
have any further questions we would ask that you
please raise a ticket in your Support Area at
http://support.easyspace.com or alternatively
contact our Support Team on 0870 755 5066 for
assistance.

Please note this email address does not
respond to replies.

Kind Regards
Easyspace Customer Support

johannes
Objective Development
Posts: 815
Joined: Fri Nov 10, 2006 4:39 pm

Re: Permissions

Post by johannes » Wed Oct 14, 2009 7:03 pm

Usually what that means is that the ISP has configured PHP in such a way that it runs under the same user ID as the FTP user - which is a good thing!

In this case WebYep does not require the webyep-system/data folder to be set to 777.
A setting of 755 (writeable only by owner) will then suffice.

If this setting does not work for you on that server, please contact us directly via the support page and please include the URL of your site and the WebYep login credentials.

petemac
Posts: 2
Joined: Mon Oct 12, 2009 11:34 pm

Re: Permissions

Post by petemac » Fri Oct 16, 2009 10:12 am

Thanks Johannes

I've now got the permissions to 754. Group still has Execute checked. If I uncheck this the images become unavailable. I'll wait to see if the host comes back to me about that. Is Execute as much of a security risk as Write? To me (not an expert on server behaviour at all) it would seem a possible problem but maybe it isn't....

johannes
Objective Development
Posts: 815
Joined: Fri Nov 10, 2006 4:39 pm

Re: Permissions

Post by johannes » Fri Oct 23, 2009 12:10 pm

The meaning of the execute permission depends on whether it is for a file or a directory.

If you have execute permissions on a file, it can contain executable code and you may "run" it. This is different from just "reading" it and can be a security risk.

If you have execute permissions on a directory, you just may "step into" it.

Only having read permissions on a directory will only allow you to very basically list the files in it. It will not allow you to access the files in it.

Usually you will always have both (execute and read) permissions or none on directories.
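
Added example, not part of the thread and not WebYep or Easyspace code: a POSIX shell audit of the points discussed above, run against a constructed tree in a temporary directory. It lists group- or world-writable entries (what the host's scan reported), flags directories that grant read without execute, and resets directories to 755 and files to 644; the function names and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example: audit and reset permissions on a CMS data folder.
# Function names and the sample tree are constructed for illustration.

# Entries that are group- or world-writable (what the host's scan flags).
find_writable() {
    find "$1" \( -type d -o -type f \) \( -perm -020 -o -perm -002 \) | sort
}

# Directories where group or other may read but not execute:
# names can be listed, but the files inside cannot be opened.
find_list_only_dirs() {
    find "$1" -type d \( \( -perm -040 ! -perm -010 \) -o \
        \( -perm -004 ! -perm -001 \) \) | sort
}

# Owner-writable only: 755 on directories, 644 on files.
reset_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Build a constructed tree resembling the flagged folder; prints its root.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/data/images"
    : > "$root/data/page.dat"
    : > "$root/data/images/photo.jpg"
    chmod 777 "$root/data"
    chmod 666 "$root/data/page.dat"
    chmod 754 "$root/data/images"
    chmod 644 "$root/data/images/photo.jpg"
    printf '%s\n' "$root"
}

sample=$(make_sample)
echo "Group/world-writable before:"; find_writable "$sample/data"
echo "List-only directories before:"; find_list_only_dirs "$sample/data"
reset_perms "$sample/data"
echo "Group/world-writable after:"; find_writable "$sample/data"
echo "List-only directories after:"; find_list_only_dirs "$sample/data"
rm -rf "$sample"
```
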
