As i am on a shared host , i want to add a image hosting script and it seems that with 755 it doesnt allow me to upload images, so i changed the folder to 757 , is it safe to chmod to 757?
Asked
Active
Viewed 1.2k times
1 Answers
14
In a word, no. In two words, "hell. no!"
Let's interpret 757: that would be
- owner: read write execute
- groups that have permissions on the file: read - execute
- the rest of the freaking world: read write execute
now, consider someone malicious uploading a short shell script:
#!/bin/sh --
rm -rf /
Update
Aha, the "folder". Okay, here's the deal: if you don't have the execute bit set on a directory, that blocks searching the directory. The reason the host is asking you to do the world=RWX is that they aren't running the web server as you, so they're taking the simple and dumb route to fix it.
There are two possibilities here:
they have some scheme in place to make sure that the permission of uploaded files in that directory can't have the execute bit set
they don't and haven't gotten burned yet
Here's an article on what better methods are.
On the assumption that your hosts aren't fools, see what happens with 775.
Charlie Martin
- 110,348
- 25
- 193
- 263
-
so what can i do for such a script to make it work in a shared host?is it my shared host that doesnt allow me 755 to upload images or others cant aswell? – stergosz Apr 13 '11 at 14:52
-
You can contact your host and ask why their system is busted. – Charlie Martin Apr 13 '11 at 14:56
-
1@fxuser: it depends on the host. If everyone you're sharing with has their web server running as the same user, there's no safe way at all to have a directory writable by the web server that other users couldn't exploit. – Wooble Apr 13 '11 at 14:56
-
so the solution was to change the PHP Support setting: from Apache Module to FastCGI application... and now everything seems to work as intended – stergosz Apr 13 '11 at 17:58