Permissions, permissions, permissions

mickyginger · May 21, 2011, 10:49pm

Hi there,

I’m creating a CMS for a photographer in PHP. She wants to create and delete galleries, which means creating new directories and copying files on the server.

Whenever I create or copy a file or directory, by default its permissions are set to something like 0755 by default, but in order to delete directories and files I need their permissions to be set to 0777. My question is, are there any inherent security issue with doing this? Am I setting my self up for trouble down the road if some vagabond decides to start deleting my photographers galleries?

Many thanks,
Mike

TimIgoe · May 22, 2011, 5:02pm

The potential risk is if something or someone else with access to the server wants to do something destructive, the better answer is 0775 and make sure your client is in the same group (permissions are, User, Group, Everyone) - allowing Everyone isn’t a good plan, but allowing a controlled group is fine.

mickyginger · May 22, 2011, 6:47pm

Ok, thanks.