Most secure chmod settings?

[Greg Robson]

Having just installed the board to see how it works and I realised that I hadn't chmod'ed any of the folders from their original 777.

I was wondering what the most secure chmod settings were considering that the board still has to run!

I'm assuming everyone needs read, but what about write and execute? Does write get handled by the mySQL database so the PHP part can have write access removed?

Many thanks,
someone who is using the coolest damn board in the world!

[Joseph Fung]

Really, you should only have to give write access to Settings.php and settings.bak

Everything else *should* be ok with read-only access.

[barnaby]

What are the default settings given to it when it uploads?  Or is it dependant on the FTP software?

And we need to leave the folder we created to put everything into as 777 for it to work, right?

[Mark]

Default is like this:

Default is like this:

.	Read	Write	Execute
Owner	O	O	X
Group	O	X	X
All Users	O	X	X

[adams]

hrm........ Is there not a workaround for this (I'm thinking for YaBBSE not for my paticular case) for example couldn't the mod updater chmod all the files to 666 when it was modding and then revert it back when it was finished. It doesn't seem like a good idea to always let everyone modify the source.

[Zef Hemel]

Really, you should only have to give write access to Settings.php and settings.bak

Everything else *should* be ok with read-only access.

Until you try to install packages

[Greg Robson]

I get the impression that it would be best to keep removing access rights unitil the board doesn't work! Then add the last access right you removed!

[Peter Duggan]

Having searched this site for 'Settings.bak' after having problems with my Forum Preferences and Settings, I did what was recommended by Joseph and others, created it and chmoded it to 777. So it works like that, but it's not secure! Anyone can call it up from their browser and check my database password etc. So I've chmoded it back to 700 for now, which isn't quite so handy.

Any advice?

[Jeff Lewis]

1.1.0 is using Settings.bak.php.  So in your admin section you can look for the code that is making the backup (search for Settings.bak) and change it to Settings.bak.php

That way it can't be read from the web...

[Peter Duggan]

Thanks Jeff

I'd downloaded and installed 1.0.0 because of all the warnings about feeling comfortable with PHP/MySQL and all that (so I know HTML pretty well but PHP/MySQL is new territory!), but your answer seems to be recommending the upgrade anyway and I've bookmarked your thread on upgrading from 1.0.0 to 1.1.0 to study ASAP. In the meantime (probably just for a few days), is there any reason why I shouldn't manually edit the settings files if chmoding my existing .bak to 777 isn't safe. And, if that's OK, do I need to do both .php and .bak or should I ditch .bak and just edit .php?

One more thing (probably for a different thread, but I was already posting here) is that my board seems to be crawling half the time compared to this one, with a number of server hangups when trying to access index.php or save admin settings. My new host's facilities should obviously be capable of coping with me testing the board (I didn't sign up with them lightly, and they've turned out to be running PHP 4.0.6 after all), but I've read somewhere here (searched the whole site for 'slow'!) about speed problems with 1.0.0 and index.php. So have I missed a fix or something, or can anyone make any suggestions? As soon as my DNS changes go through, I can give you all a URL for the board and get it registered, but that seems pointless at the moment with the DNS changes imminent!

Thanks again
P

PS 'Pointless' because I've got it running at a temporary sub-domain, so the URL will be changing!

[sydney078]

So, all of our Yabb SE Folders dont need to be at 777??   What should they be at?  I have the first verision of SE if that helps

[Peter Duggan]

your answer seems to be recommending the upgrade anyway

Or perhaps I've missed the point and you're suggesting I edit the admin code of 1.0.0 to use Settings.bak.php!

[Jeff Lewis]

Peter, that is what I am suggesting  Also, where did you read that there are speed issues?

[Peter Duggan]

Peter, that is what I am suggesting  Also, where did you read that there are speed issues?

An old post of Joseph Fung's. Just something I turned up on a search... but I've since discovered (on following it up) that he must have been referring to a pre-release version and not 1.0.0. Sorry if I seemed to be implying anything more (I know this board is fast), but I was only trying to help myself by searching before asking!

Have to check out one or two things with my host (my board seemed to be running better late last night) and will post a URL as soon as it's permanent (which should be as soon as the temporary sub-domain is replaced by the DNS redirection).