Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Distribution: debian etch, fedora 12, mac osx 10.51, ubuntu 8.04, 9.10, vista
Posts: 64
Rep:
what are the results of 664 permisions?
hi,
i am trying to set permissions on my wordpress install such that the wordpress admin can write to the files and directories in the wordpress tree. otherwise i have to do all the things wordpress does automatically by hand with vi.
of course i would like to have permissions set as precisely as possible for security.
at present the files are set to 644 (-rw-r--r--). my plan is to change permissions to 664 (-rw-rw-r--) using chmod. ie "chmod -r 664 ./wordpress".
To answer your question setting mode 664 may or may not allow apache to write. You will most likely need to chgrp the files to apache as well.
In general it is a bad idea to allow apache to write in the document root, but unfortunately as you see wordpress requires it. I manage linux servers for customers of all sizes from VPSes to 200+ machine installs. I only manage the OS level. They manage the apps. The single biggest exploit vector I see is due to web apps, and the most commonly exploited is wordpress. Sorry for the tangent, but my point is don't just start changing permissions until it works. Google and read a few articles on securing wordpress. Know how and what need exactly which permissions before relaxing file permissions on the server. And be extra vigilant on keeping wordpress updated.
As the previous post hinted, you will also need to make sure that the files are in Apache's group (apache on some distros, httpd on others, it's in httpd.conf). You might also want to note whether or not Apache has x on the directories too. IIRC, the recursive option for chmod is -R and not -r.
To the previous poster: Is there a list you could recommend of wordpress vulnerabilities and how to properly secure them? Is it more of a problem from the PHP or the MySQL?
Distribution: debian etch, fedora 12, mac osx 10.51, ubuntu 8.04, 9.10, vista
Posts: 64
Original Poster
Rep:
here is a link to a recent post in the wordpress forum describing how mysql was exploited. if you scroll down you will see a few links a moderator recommended reading to prevent it from happening again...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
what are the results of 664 permisions?
