invision2 — 2010-01-06T12:40:20-05:00 — #1
I'd like to allow a script on my server to upload files to the server, and for the public to view the files.
However, I don't want the public to be able to write files to that folder.
What CHMOD value would I use to achieve this?
scallioxtx — 2010-01-06T12:41:58-05:00 — #2
Let me rephrase that:
"I want people to be able to write to a folder, but I don't want people to be able to write to that folder".
Sounds like a deadlock to me ...
invision2 — 2010-01-06T12:45:08-05:00 — #3
Eeeek. My apolgies.
I want my script on my server to be able to write files to the folder.
But I don't want scripts, not on the server, to write to it.
Also, what would be the safest CHMOD value to give, if I just wanted to FTP my files to the server and let public view them?
scallioxtx — 2010-01-06T12:50:55-05:00 — #4
644, given the FTP uploader is the owner of the file(s).
invision2 — 2010-01-06T12:51:40-05:00 — #5
And 755 wouldn't allow "outsiders" to write files?
scallioxtx — 2010-01-06T12:52:57-05:00 — #6
I meant 644, and yes, that wouldn't allow outsiders to write the files.
invision2 — 2010-01-06T12:54:11-05:00 — #7
It's strange though, as I've made one directory '644' and now I get a 'Forbidden' message when I try to view it(?)
Is that supposed to be the case?
scallioxtx — 2010-01-06T12:56:04-05:00 — #8
It's a directory, not a file /desk ...
Try 755 for directories and 644 for files ...
invision2 — 2010-01-06T13:00:46-05:00 — #9
Yes, a directory.
755 for directories, 644 files. Sounds good.
Many thanks for your help with this. It was so close to dinner, I wasn't making any sense
I think our site got brut3 forc3d hit I've a feeling they got into the administration directory and uploaded a maliscious file to one of my other folders
That's why I was hoping to quash it if possible.
So 755 will only allow people to upload files, using a script on my server?
invision2 — 2010-01-06T13:03:27-05:00 — #10
Oh, and if I had super secure scripts(like db connection ones), would I keep these out of the root?
Thanks again for all your help.