homepage Welcome to WebmasterWorld Guest from 107.21.163.227
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
Forum Library, Charter, Moderators: bakedjake

Linux, Unix, and *nix like Operating Systems Forum

    
empty index.php Vs CHMOD 0773
Image folder security
smagdy




msg:3467061
 2:34 pm on Oct 2, 2007 (gmt 0)

Hello!

My Server is Apache/PHP

I was setting image folder to 0773 but then i found that i need to use php to read directory image and delete some every some period, so it should be 0777 to be able to do that!

So my question, is it as safe to just put an empty index.php file in the image folder like setting it to 0773?

Thanks in advance

 

phranque




msg:3468734
 7:06 am on Oct 4, 2007 (gmt 0)

- i'm not sure that putting an empty index.php is going to do anything useful for you.

- setting the user permission to 3 makes it unusable as a directory by the non-owner/group since it is not readable.
it should be either a 5 for a readable directory or a 7 for a read/write directory.

SeanW




msg:3470684
 2:34 pm on Oct 6, 2007 (gmt 0)

Turn off indexes for the directory and don't worry about perms.

Options -Indexes

Sean

jtara




msg:3470747
 4:34 pm on Oct 6, 2007 (gmt 0)

OK, back up - we are talking about two different kinds of security here.

An empty index.html will serve web browsers an empty page. (Presuming your server is set to use index.html as a default page.) This will prevent browsers from seeing an index of your files, which they might if you had no default page.

However, the other method mentioned above is better for this purpose.

Unix/Linux file permission are used to control access to files by other users logged-in to a shell. If you are on a shared server, you need to use file permissions to prevent other customers of the hosting service from seeing or altering your files.

If you are on a dedicated server or a VPS, which you control exclusively, file permissions are less important - you probably have no other shell users.

However, you probably should still concern yourself with file permissions, as you may from time to time have others (employees, consultants) working on your machine, and may wish to make access available on a "need to know" basis. As well, careful use of file permissions can help control any successful break-in or exploit to your site that gives an attacker control of a non-root account.

[edited by: jtara at 4:34 pm (utc) on Oct. 6, 2007]

smagdy




msg:3470748
 4:34 pm on Oct 6, 2007 (gmt 0)

where to turn it off?

smagdy




msg:3470749
 4:51 pm on Oct 6, 2007 (gmt 0)

Thanks, am having VPS so it sounds like its not a problem as there are no other user/employees working on my site.

Thanks again!

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved