777 permissions

RenePhant

Joined: 2011-02-02
Posts: 2
Posted: Wed, 2011-02-02 05:51

I have been cautioned against using 777 permissions because it allows anyone to write files to the directory, yet the installation instructions require me to change the permissions of the install folder to 777. How is this safe?

 
Dayo

Joined: 2005-11-04
Posts: 1642
Posted: Wed, 2011-02-02 09:12

Crossing roads can result in you getting knocked over by a speeding car with grievous consequences, yet you need to do this several times a day.

How do you manage this unsafe action?

Do you:
1. Refuse to cross roads and stay at home all day?
2. Drive everywhere? (you'll probably still need to cross at some point)
3. Evaluate the risk and act accordingly when you need to cross?

This is no different. The same principles of risk evaluation and mitigation apply.

With G2, your choices are:
1. Don't use the application. (Refuse to cross)
2. Find an alternative (Drive everywhere - you will come up against the same issue at some point)
3. Evaluate the risk and act accordingly (put your g2data folder outside the webroot as advised, use suexec type settings on your PHP so that you don't need 777, etc, etc, etc).

--
dakanji.com

 
nivekiam

Joined: 2002-12-10
Posts: 16504
Posted: Wed, 2011-02-02 17:38

I like it! :)

Our instructions state to set g2data to 777 so that you can be sure that the user the webserver runs as has permission to create files under there. You can set more restrictive permissions, like 775 or maybe even 755, but that's really going to depend on how your server is set up and what user PHP or Apache run as or the owner that's set on the g2data directory and files/directories below it.

As Dayo stated, you're going to run into the same thing with EVERY web app that requires write permission to some directory, every "simple upload file", every CMS (WordPress, Drupal, Joomla, CMSMS, etc), every photo upload script, everything that needs to write to files.
____________________________________________
Like Gallery? Like the support? Donate now!
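
The choice between 755, 775 and 777 described in the post above, as an added example that is not part of the original thread or Gallery's own code: it picks the tightest of those three modes that still lets the web server user write to a storage directory, based on who owns the directory and which groups that user is in. The function names (`mode_for`, `suggest_mode`, `is_world_writable`) are hypothetical.

```shell
#!/bin/sh
# Added example: pick the tightest of 755 / 775 / 777 that still lets the
# web server user write to a storage directory such as g2data.

# mode_for OWNER_UID GROUP_GID WEB_UID "WEB_GIDS"
# Pure decision logic on numeric ids, so it can be checked without root.
mode_for() {
    owner=$1; group=$2; web_uid=$3; web_gids=$4
    if [ "$owner" = "$web_uid" ]; then
        echo 755; return          # owner bits already grant write
    fi
    for g in $web_gids; do
        if [ "$g" = "$group" ]; then
            echo 775; return      # group write is enough
        fi
    done
    echo 777                      # only the "other" bits reach this user
}

# suggest_mode DIR [USER]
# Reads the directory's numeric owner/group and the ids of USER
# (default: the user running the script), then applies mode_for.
suggest_mode() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    if [ -n "${2:-}" ]; then
        web_uid=$(id -u "$2") || return 2
        web_gids=$(id -G "$2") || return 2
    else
        web_uid=$(id -u); web_gids=$(id -G)
    fi
    set -- $(ls -ldn "$dir")      # $3 = owner uid, $4 = group gid
    mode_for "$3" "$4" "$web_uid" "$web_gids"
}

# is_world_writable DIR
# True when the "other" write bit is set (9th character of the ls mode string).
is_world_writable() {
    [ "$(ls -ld "$1" | cut -c9)" = "w" ]
}

# Stand-alone use: sh script.sh /path/to/g2data [webserver-user]
if [ $# -gt 0 ]; then suggest_mode "$@"; fi
```

A result of 777 means the web server user is neither the owner nor in the directory's group, which is the case that changing the owner or group (or running PHP under suexec) is meant to avoid.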

 
RenePhant

Joined: 2011-02-02
Posts: 2
Posted: Wed, 2011-02-02 22:28

Hi, I would like to learn more about the last option, setting up my g2data so that it doesn't require 777 permissions. Currently the folder is outside the webroot and owned by Apache, yet I still get an error stating that the folder is inaccessible.

I'm pretty new to this, so I would appreciate it if you could give me steps to set up the program properly without resorting to 777 permissions. Which level should files within the g2data be at? For instance, what permission is appropriate for the .htaccess file? And for the files which are in the webroot, should they be owned by apache or by my user?

The error I encounter is:

Storage Directory Permissions
Failed
Inaccessible or missing files (1)
Error: Some files and or directories in your storage directory are not writeable by the webserver user. Run chown -R webserverUser /home2/calsol/g2data/ OR run chmod -R 777 /home2/calsol/g2data/.
/home2/calsol/g2data/

I do not have root access, so I cannot use trial and error, but will have to ask my administrator to fix the problems for me. This is why I need fairly descriptive steps of what to do.

 
Dayo

Joined: 2005-11-04
Posts: 1642
Posted: Wed, 2011-02-02 22:14