OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



File Permission Settings - Cache - and CHMOD 777

Are you responsible for making OJS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
What to do if you have a technical problem with OJS:

1. Search the forum. You can do this from the Advanced Search Page or from our Google Custom Search, which will search the entire PKP site. If you are encountering an error, we especially recommend searching the forum for said error.

2. Check the FAQ to see if your question or error has already been resolved.

3. Post a question, but please, only after trying the above two solutions. If it's a workflow or usability question you should probably post to the OJS Editorial Support and Discussion subforum; if you have a development question, try the OJS Development subforum.

File Permission Settings - Cache - and CHMOD 777

Postby stabb » Tue May 15, 2007 8:41 pm

Hi Guys

Hope you dont mind, I may start to bombard you with a whole lot of questions.

I have one regarding the Cache file and how I can set it up to be more secure. I will go in any direction, I just need your trusty advice.

A while ago, I posted a thread to do with my initial ojs site getting hacked.
see:
viewtopic.php?t=1776&highlight=hacked

ascmecher said:
If you set your file permissions wide open (e.g. 777), someone else on a multi-user system could have used your file area to launch attacks without needing to find a vulnerability on your website. You should never use 777 permissions on a production server; many alternatives are available but will depend on your server configuration.


It seems we cant do without the 777 file permissions. could you possibly present me with an alternative? Or point me in a direction to research upon.

Also just a more general question, if I set files to be world writeable (777). Does this mean that anyone can edit those files residing on the server?

Thanks
James
stabb
 
Posts: 47
Joined: Sat Mar 31, 2007 10:06 pm

Postby asmecher » Wed May 16, 2007 12:16 am

Hi James,

The most secure setup will be something like FastCGI that will permit PHP to run in a setuid environment; however, this is not a common configuration. (If you're using a shared host, check your phpinfo to see if this is the case.)

The next best is to have all files in the "cache" directory be owned by the web server user, e.g. "apache" or "www-data" depending on your distribution and configuration.

Regards,
Alec Smecher
Open Journal Systems Team
---
Don't miss the First International PKP Scholarly Publishing Conference
July 11 - 13, 2007, Vancouver, BC, Canada
http://ocs.sfu.ca/pkp2007/
asmecher
 
Posts: 8869
Joined: Wed Aug 10, 2005 12:56 pm


Return to OJS Technical Support

Who is online

Users browsing this forum: Baidu [Spider] and 1 guest

cron