You are viewing the PKP Support Forum | PKP Home Wiki

The "Public" Folder -- A Security Issue?

Are you responsible for making OCS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, michael, John

Forum rules
The Public Knowledge Project Support Forum is moving to http://forum.pkp.sfu.ca

This forum will be maintained permanently as an archived historical resource, but all new questions should be added to the new forum. Questions will no longer be monitored on this old forum after March 30, 2015.

The "Public" Folder -- A Security Issue?

Postby r2d2 » Tue Oct 13, 2009 2:42 pm

I have a quick question:

What should be the exact CHMOD number for the public folder (666 or 777)?

The reason I am asking this question is that we have used 777 for this folder, and we experienced a hacking attempt called "odmarco attack". The person(s) injected malicious *.php files in to the Public folder because it was wide open due to CHMOD 777. What is the main purpose this folder and what do we lose if we use CHMOD 666 instead?

Posts: 32
Joined: Fri Aug 28, 2009 1:36 pm

Re: The "Public" Folder -- A Security Issue?

Postby asmecher » Tue Oct 13, 2009 4:44 pm

Hi Jason,

It's never safe to use 777 permissions (or 666 permissions or anything with a global "write" permission). Different servers will have different configurations, so it's impossible for us to state definitively what permissions to use -- but in general, the account under which your PHP scripts runs should have write access to this directory. It's used to store journal logo images and similar things that are publicly available to readers.

There are lots of threads in the support forum on directory permissions -- I'd suggest reading those for more info.

Alec Smecher
Public Knowledge Project Team
Posts: 10015
Joined: Wed Aug 10, 2005 12:56 pm

Return to OCS Technical Support

Who is online

Users browsing this forum: No registered users and 1 guest