Web lists-archives.com

Re: [PHP] File Permissions?




On Wed, Aug 16, 2017 at 12:02 PM, Tedd Sperling <tedd@xxxxxxxxxxxx> wrote:
>
> We had an incident happen at the college where I teach — the IT guy said:
>
> > After further inquiry, it appears a bad guy used a php vulnerability
> injection over http to enter into a folder on CITW.   This was made
> possible because the permissions were misconfigured (execute was set to 755
> instead of normal 644).
>
>
> My understanding of permissions is that 755 is normally thought of as
> secure — is that not true?
>

755 is typical for directories, but 644 for files.

https://premium.wpmudev.org/blog/understanding-file-permissions/

That said, I often even reduce the permissions beyond 644 in production
environments.

Adam