File Permission Settings - Cache - and CHMOD 777

Posts: 47
Joined: Sat Mar 31, 2007 10:06 pm

Postby stabb » Tue May 15, 2007 8:41 pm

Hi Guys

Hope you don't mind, I may start to bombard you with a whole lot of questions.

I have one regarding the Cache file and how I can set it up to be more secure. I will go in any direction, I just need your trusty advice.

A while ago, I posted a thread to do with my initial ojs site getting hacked.

asmecher said:
If you set your file permissions wide open (e.g. 777), someone else on a multi-user system could have used your file area to launch attacks without needing to find a vulnerability on your website. You should never use 777 permissions on a production server; many alternatives are available but will depend on your server configuration.

It seems we can't do without the 777 file permissions. Could you possibly present me with an alternative? Or point me in a direction to research upon.

Also, just a more general question: if I set files to be world writeable (777), does this mean that anyone can edit those files residing on the server?


Posts: 10015
Joined: Wed Aug 10, 2005 12:56 pm

Postby asmecher » Wed May 16, 2007 12:16 am

Hi James,

The most secure setup will be something like FastCGI that will permit PHP to run in a setuid environment; however, this is not a common configuration. (If you're using a shared host, check your phpinfo to see if this is the case.)

The next best is to have all files in the "cache" directory be owned by the web server user, e.g. "apache" or "www-data" depending on your distribution and configuration.

Alec Smecher
Open Journal Systems Team
Don't miss the First International PKP Scholarly Publishing Conference
July 11 - 13, 2007, Vancouver, BC, Canada
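
One way to check a cache directory against the advice above and then tighten it, as an added example that is not part of the original posts or of OJS. The directory and the web server account are passed as arguments, the path in the usage comment is hypothetical, and it assumes the web server user is the only account that needs to write to the cache.

```shell
#!/bin/sh
# Added example: audit and tighten a web application's cache directory.
# Usage (hypothetical path and account; adjust to your server):
#   audit_cache /var/www/ojs/cache www-data

# Print entries that any local user can write to (the "other" write bit,
# which mode 777 sets). Symlinks are skipped: their own mode is meaningless.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Print entries not owned by the account the web server runs as.
wrong_owner() {
    find "$1" ! -type l ! -user "$2" -print
}

# Count entries with either problem; 0 means the tree matches the advice.
audit_cache() {
    dir=$1 user=$2
    n=$( { world_writable "$dir"; wrong_owner "$dir" "$user"; } | sort -u | wc -l )
    echo $((n))
}

# Owner keeps full access, group may read, everyone else gets nothing.
# X grants execute/search only to directories and already-executable files.
tighten_cache() {
    dir=$1 user=$2
    # chown needs root; skip it when the tree is already owned correctly.
    if [ -n "$(wrong_owner "$dir" "$user")" ]; then
        chown -R "$user" "$dir" || return 1
    fi
    chmod -R u=rwX,g=rX,o-rwx "$dir"
}
```

Run `audit_cache` first to see what would change; `tighten_cache` only needs root when ownership has to be corrected.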
