Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello. I installed WordPress on my website and it wants me to enable write permission for the files. What is a safe level to set these to? I've heard that 777 is risky, but I don't really understand how all that works...Wouldn't any sort of permissions still mean that someone would need to have either my FTP or my Wordpress admin login info in order to do anything to my site?
Sorry if this is the inappropriate category to put this in, but security made sense to me.
What I am having trouble grasping is what user am I if I am just running the Wordpress admin php file? (Please keep in mind that I am new to *nix filesystems, but am experienced in Windows filesystems)
In case you don't know Wordpress, basically, you can create new blog posts by typing the address of the wp-admin directory, which I believe contains a php file that executes and then use the "Dashboard" that that php file brings up (the php file has a password on it to prevent others from running it without login info).
In reading through the link you sent, I see that webhosts assign users the group "nobody" which inherits permissions from "others."
currently, that group is assigned a value of 5 (read and execute) so if I gave them write permission, then could anyone just come along and write to my files? Or am I safe as long as my Wordpress admin password is safe (ie...others can execute my wp-admin.php file, but won't be able to make it write since they don't have the password)
Or are there other security issues to worry about with giving write permission?
Lastly, will giving write permissions for a directory to a user allow that user to create subdirectories? I know they can create files, but is a directory considered a file?
Last edited by idyllhands; 12-19-2008 at 12:25 PM.
You are whatever user you are logged in as if you are running wordpress yourself.
Depending on your configuration, you may find that wordpress has it's own user, which it uses to access files like the database.
It strikes me that you need to learn more about how wordpress works.
If you have placed permissions 777 then any logged-in user can write to all your files.
A directory is also a file - everything is a file.
With wordpress - it is probably talking about permissions to access the MySQL database it uses.
Hello. I installed WordPress on my website and it wants me to enable write permission for the files. What is a safe level to set these to? I've heard that 777 is risky, but I don't really understand how all that works...Wouldn't any sort of permissions still mean that someone would need to have either my FTP or my Wordpress admin login info in order to do anything to my site?
Sorry if this is the inappropriate category to put this in, but security made sense to me.
Be sure that the files are owned by the same user and group that apache is run as. On my Ubuntu Server, all of my Wordpress files are owned by www-data:www-data.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.