FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.
Home » FUDforum » How To » File permissions
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
File permissions [message #31143] Tue, 04 April 2006 19:41 Go to next message
matt(at)bikernight(dot)co(dot)uk is currently offline  matt(at)bikernight(dot)co(dot)uk   United Kingdom
Messages: 20
Registered: March 2006
Karma: 0
Junior Member
HI
I'm using a shared hosting solution and had a lot of problems with file permissions when I installed the fud software.
So to over come this I set every single file to chmod 777 *.*

Now I know that other users sharing my server can't make alterations to my files even though they are 777, as they can't get past my root directory.

I've password protected the main directory that contains the sub-directorys templates, includes, scripts etc
using an .htaccess file that says
Deny from all

Think I'm protected so far ... am I ?


Secondly
Now all my files under my main forum directory have full 777 permissions. This is probably not a good idea.
Can someone please tell me if I can recursively use chmod -R ??? *.*
from the main forum directory that my online users will use.
If so what should I use in place of ??? so all files are safe from pesky users, but not limiting the forum software.

Thanks in advance
Matt

Report message to a moderator

Re: File permissions [message #31168 is a reply to message #31143] Thu, 06 April 2006 02:43 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
You can use FUDforum file lock admin control panel to set secure file permissions on all of the forum's files and directories.

FUDforum Core Developer

Report message to a moderator

Re: File permissions [message #31252 is a reply to message #31168] Wed, 12 April 2006 10:47 Go to previous messageGo to next message
matt(at)bikernight(dot)co(dot)uk is currently offline  matt(at)bikernight(dot)co(dot)uk   United Kingdom
Messages: 20
Registered: March 2006
Karma: 0
Junior Member
ok I tried that and all I get is.

ERROR: couldn't chmod "/home/www/***/***/.htaccess"
ERROR: couldn't chmod "/home/www/***/***/.htaccess1"
ERROR: couldn't chmod "/home/www/***/***/.htpasswd"
ERROR: couldn't chmod "/home/www/***/***/CREDITS"
ERROR: couldn't chmod "/home/www/***/***/index.php"
ERROR: couldn't chmod "/home/www/***/***/rdf.php"
and on and on and on it goes


Remember when I installed the software the files were owned by www therefore I couldn't edit them. I log into my shared hosting solution as a different user. So I had to get the ownership of all the forum files changed to my user. Now it looks like the locking script is running as www and is also failing, probably as I now own the files.

Loads of people must have this problem, is there a fix?
Please help.

Someone has already hacked my site, even though it was .htaccess protected. U know who you are you tinker!!

I'm really need to lock these files down.
Help please.

Report message to a moderator

Re: File permissions [message #31286 is a reply to message #31252] Fri, 14 April 2006 20:52 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
You need to get your ISP to change the file owner back to the web server user or install forum inside another directory.

FUDforum Core Developer

Report message to a moderator

Re: File permissions [message #31298 is a reply to message #31286] Sat, 15 April 2006 09:02 Go to previous messageGo to next message
burn-up is currently offline  burn-up   United Kingdom
Messages: 3
Registered: April 2006
Karma: 0
Junior Member
I can do this!
However my hosting company claims that if the files are owned by www then other users on the same server will be able to hack them! Does this sound true to you?

I guess many different websites owned by different people are all running on the same webserver. Therefore as all scripts are run by www one of those users could modify one of their scripts to alter my forums files also owned by www ?

What do you think?

Report message to a moderator

Re: File permissions [message #31300 is a reply to message #31298] Sat, 15 April 2006 16:37 Go to previous message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
When PHP is configured properly it uses a configuration setting called open_basedir this setting allows the ISP to restrict PHP access for each user to just their own directories.

FUDforum Core Developer

Report message to a moderator

  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Login in and out via the API
Next Topic: Templating System: mapping screen to *.tmpl files
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Nov 22 10:14:35 GMT 2024

Total time taken to generate the page: 0.04083 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.1.3.
Copyright ©2001-2023 FUDforum Bulletin Board Software