Re: [PHP] File Permissions?
> Date: Wednesday, August 16, 2017 12:43:50 -0400
> From: Tedd Sperling <tedd@xxxxxxxxxxxx>
>> On Aug 16, 2017, at 12:10 PM, Adam Jon Richardson
>> <adamjonr@xxxxxxxxx> wrote:
>> 755 is typical for directories, but 644 for files.
> If you set a file to 755, then how does bad guy do bad things with
> Certainly, with 755 the owner can do anything he wants (read,
> write, execute), but the “group” and “everyone else” can
> only read and execute (5) the file — there is no “write” to
> the file. Without a “write”, then how can a bad guy
> change/upload a file?
> There is something here I am not understanding. Please explain.
The question is not just permissions, but also ownerships. If the
directories/files are owned by the user that the web server runs as
(a disturbingly frequent recommendation) then all bets are off.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php