I've made an app/cms that accepts file uploads (pdfs or images) via a form. I'm not sure what permissions I should give the directory where these files are uploaded to. I read a tutorial online that says "it needs to be 0777". is this correct? I need to be able to create files and delete files from this directory. Oh yeah, I'm running a Linux redhat server.
If you do not have FTP turned on and you are storing your php files in a virtual directory then you have nothing to worry about. Dont let it have script access though, or view directory. You need to give full permissions on that specific directory to everyone, 777.
actually I do need to have ftp access on that directory also. How do I disable script access and directory view? I tried to disable directory view by making a .htaccess file in the directory with "Option -Indexes" in it. but that doesn't seem to work cause I can still get a directory listing from a browser.
Simplest way to disable directory view would be to add an empty index file in there
NO. You don't have to set permission to 777. As long as the user who runs your webserver process has write permission to the upload directory, you can upload files.
Yes read permission is needed, but only the os user running the webserver. For example if the webserver user is "apache", login to terminal as "apache" and set permission to 500 (read+write for current user). That should do.