Page 1 of 1

[ask] security issue

PostPosted: Mon Aug 04, 2014 7:18 am
by isul
I have read the installation guide. It said that we must make read and write (chmod 777) some folder like files/, app/database/, app/cache/, app/config/, theme/. is it necesary to make chmod 777 to the folder? I think make it read-write is not secure. Can i make it to be chmod 755? Thank your answer. sorry my english not too good :)

Re: [ask] security issue

PostPosted: Mon Aug 04, 2014 7:18 pm
by ningus
In my experience it depends on your/providers servers config what permissions other than 777 on given folders would work. You can test it yourself. I don’t think it is insecure. Look what happens when you try to reach YOURSITE/bolt/app/config/config.yml from your webbrowser.

Re: [ask] security issue

PostPosted: Tue Aug 05, 2014 1:02 pm
by isul
Tengs a lot ningus. I am not security expert. I have googling. Some say that chmod 777 is bad idea. Here is the example
https://www.drupal.org/node/39887

Re: [ask] security issue

PostPosted: Wed Aug 06, 2014 8:23 am
by ningus
isul, the discussion in your link concludes that there is indeed write access for any user on server-side but not from outside, if this is your concern. Of course this could be worrying if your ISP has not set up it's server properly. Here is another explanation: https://superuser.com/questions/648064/why-forum-setting-requires-me-to-set-some-files-folders-to-777-permission-right#answer-648083