1

I recently uploaded a site with all folders set to -755 permissions and files to -644 permissions. But Joomla tells me "unwritable" for all folders listed under Directory Permissions. Now I changed some folders to -775 and this seems to have solved the problem for ones I changed so long, listing them "writable" rather than "unwritable", however, how bad is this in terms of security?

Can folders like this be hacked in any way?

Chris S
  • 77,945
  • 11
  • 124
  • 216
Anriëtte Myburgh
  • 181
  • 1
  • 9

1 Answers1

1

Folder permissions alone do not make or break security; they are however a critical stopgap between a minor exploit and a pwn3d server. For a Internet facing server you should absolutely take this security layer seriously and apply reasonable principal of least required privileges.

I'm not familiar with Joomla specifically, so I can't say for certain what the file and folder permissions should be. That said, I'm certain there are guides to setting this up properly.

Side note: I strongly suggest making sure your Joomla and all related software (httpd, etc) are patched and up to date. This is generally where those "minor exploits" start.

Chris S
  • 77,945
  • 11
  • 124
  • 216
  • It has just been upgraded to the newest release, so I'm just wondering if these permissions will make injections possible? – Anriëtte Myburgh Nov 15 '11 at 13:37
  • 1
    See first sentence of Answer. – Chris S Nov 15 '11 at 13:40
  • In addition to Chris comments - there are a good amount of appropriate steps to take to ensure a safe and secure Joomla site. If your inputs aren't sanitized you'll be open for injection - that's not a Joomla thing - that's a 'whoever wrote the plugin/code/module' you're using type thing. Read up on Joomla security - once you do make the steps to a 'safe server' a regular practice and you'll be fine. In all my years of Joomla development, I've had only 1 site ever get 'hacked' - and it was extremely minor and in my early days. – Hanny Jan 27 '12 at 16:45