mickyginger — 2011-05-21T18:49:14-04:00 — #1
I'm creating a CMS for a photographer in PHP. She wants to create and delete galleries, which means creating new directories and copying files on the server.
Whenever I create or copy a file or directory, by default its permissions are set to something like 0755 by default, but in order to delete directories and files I need their permissions to be set to 0777. My question is, are there any inherent security issue with doing this? Am I setting my self up for trouble down the road if some vagabond decides to start deleting my photographers galleries?
timigoe — 2011-05-22T13:02:07-04:00 — #2
The potential risk is if something or someone else with access to the server wants to do something destructive, the better answer is 0775 and make sure your client is in the same group (permissions are, User, Group, Everyone) - allowing Everyone isn't a good plan, but allowing a controlled group is fine.
mickyginger — 2011-05-22T14:47:32-04:00 — #3