

Problem with avatar in phpBB >>> read/write permis





FriBogdan
I know that I must set the dir "avatars" to public read/write (i.e. chmod a+rw) but I don't know what number I must give (in DirectAdmin you have numbers for permissions, e.g. 777... 666... and so on...). So... can someone help me?
Alienz
Set the avatar directory permission to 777.
FriBogdan
Quote:
777 Writable and executable by everyone (not recommended)

Is 777 safe? Could someone delete all the avatars and so on?
Daniel15
FriBogdan wrote:
Quote:
777 Writable and executable by everyone (not recommended)

Is 777 safe? Could someone delete all the avatars and so on?


I'm quite sure that no visitor of your site would be able to delete all the avatars. 777 is quite safe.

Here's a quote from [Unknown], one of the main developers of Simple Machines Forum software (http://www.simplemachines.org/). Even though this quote is about another forum software, some of the information will still apply to your phpBB:
Simple Machines Community Forum wrote:

Alright, so say I tell you that to have attachments work properly, your attachment folder needs to be 777. The first thing people ask me is...

- Isn't this a security risk?
The short answer is: no, not really... it isn't. Keep reading for the long answer.

- So, what, you're saying EVERYTHING should be 777?!?
Not hardly. Just the forum's directory, and all the files and directories inside it. Not, of course, that you should do this - but it won't matter much if you do, so long as your server is configured reasonably correctly.

- But... wait a minute. The three numbers stand for "Owner," "Group," and "Everyone." Doesn't that mean anyone can write to the files if I make it 777? (writable by all!?)
Well, technically, yes. But, the person first has to get into your server and be able to touch the file in the first place. They also have to have access to the directory the file is in, and the directory that file is in. At some point, you should have a directory (probably your username) which isn't 777.

- Isn't it safer, at least, not to use 777? What if a hacker got in?!
If a hacker gets in and wants to cause you trouble.... there is nothing you can do. You can have the file permissions as strict as you want, but the database will be wide open. So, yeah... you can protect the files that don't change from being deleted, but not your posts.
Which is more important? The files you can download again from here or the data you cannot get back?

- Isn't it unlikely a hacker would get into my server so much they could delete posts?
Not that unlikely, but no more or less likely than if they could use 777 to their advantage. Think of the database as ALWAYS 777.

- Doesn't MySQL have permissions? Can't I make it so they can't delete?
The forum won't work if you do that. It needs to be able to delete. If it can delete, so can the hacker. Dilemma, huh?

- I believe you, but my host doesn't. They don't want me to make everything 777, they say it's not safe.
So have them read this. If they can't refute it, prove it wrong, or at least even challenge it, then I guess they have to let you do 777.

- Even if 777 isn't a problem, why should I bother?
Because it makes things, like for example the package manager and attachments, work better.

Any other questions? (So far I made all these up, sorry if they aren't realistic.) Feel free to ask and I'll answer away. I challenge you to prove me wrong... show me that somehow 777 is all that bad.

(source: http://www.simplemachines.org/community/index.php?topic=2987)

So yeah, it's safe :D
FriBogdan
Daniel15, you really cleared things up for me. Damn... I hope this doesn't mean that I should install SMF instead of phpBB... it seems that SMF has better support (it is much safer too...) (first I installed SMF but I changed my mind and now I'm on php :( )
Daniel15
Glad to hear that I could help you :D

If you ever decide to switch back to SMF, there's a phpBB to SMF converter which will convert all your phpBB members, posts and settings to SMF :D. It's on the SMF Downloads Page, under the 'Converters and Tools' category.

-close-
Bondings
Daniel15, I don't really agree with your developer of SMF. Permission 777 might be safe for the outside world, but there are plenty of accounts on this server which (if I'm not mistaken) do have some access to it. ;)
Daniel15
Bondings wrote:
Daniel15, I don't really agree with your developer of SMF. Permission 777 might be safe for the outside world, but there are plenty of accounts on this server which (if I'm not mistaken) do have some access to it. ;)


I believe only root has access to people's home directories (/home/username/). They're CHMODded to 700 if I remember correctly. Also, the public_html folder has its permissions set to 750 (so anyone other than the owner/group can't even get into it). So, people trying to view other people's accounts won't even get into their home directory.

If anyone tries to open someone else's files with PHP (or create a new file in their folder), then the open_basedir restrictions will stop them :D.
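
The point argued in the last two replies, that a 777 directory is writable by other local accounts only if they can traverse every directory above it, can be checked with a short script. This is an added example, not part of the original thread: the function names are made up for illustration, and it inspects only the "other" permission class (not group membership, ACLs, or PHP running under a shared web-server user).

```shell
#!/bin/sh
# Added example: is a world-writable directory actually reachable by
# "other" local accounts, or is it shielded by a parent such as a 700
# home directory or a 750 public_html?

# other_bits DIR -> the three "other" permission characters, e.g. "r-x"
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# first_blocker TARGET [TOP] -> prints the nearest ancestor of TARGET
# (walking up to and including TOP, default /) that lacks the search (x)
# bit for others. Prints nothing when every ancestor can be traversed.
first_blocker() {
    dir=$(cd -- "$1" && pwd -P) || return 2
    top=$(cd -- "${2:-/}" && pwd -P) || return 2
    while [ "$dir" != "$top" ]; do
        dir=$(dirname -- "$dir")
        case $(other_bits "$dir") in
            ??x|??t) ;;                          # traversable, keep climbing
            *) printf '%s\n' "$dir"; return 0 ;; # others stop here
        esac
        if [ "$dir" = "/" ]; then break; fi
    done
    return 0
}

# audit TARGET [TOP] -> one-line verdict for a directory such as avatars/
audit() {
    case $(other_bits "$1") in
        ?w[xt]) ;;                               # others may create/delete entries
        *) echo "not-world-writable"; return 0 ;;
    esac
    blocker=$(first_blocker "$1" "${2:-/}") || return 2
    if [ -n "$blocker" ]; then
        echo "shielded-by:$blocker"
    else
        echo "exposed"
    fi
}

# Usage: sh audit.sh /home/username/public_html/forum/avatars
if [ $# -gt 0 ]; then audit "$@"; fi
```

A verdict of `shielded-by:` says nothing about scripts that run as the same user or group as the web server, which is the case the open_basedir restriction mentioned above is meant to cover.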
© 2005-2011 Frihost, forums powered by phpBB.