Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a centos 5.8 VPS which is running mod_php rather than fastcgi which i’m used to on shared hosting, and I’ve run in to the problem that various bits of php intended to write to files need those files to be world writable. The files that are written are like the database for the website, and the rss xml. This isn’t secure, is it? What should I do to make it secure?
Who has access to this machine? In other words, who is “world” in this scenario? If it is only you, then you don’t have anything to worry about, do you?
However, if this system is shared with other people, do you trust all of the admins? If you don’t, there’s very little you can do to protect your files.
If it is other non-admin users on the system that you are worried about, then you do not want to make your database world-writable. If you cannot write to those files, then the process writing to them (mysql, apache, etc) is running as the wrong user. Preferably, you’d want your files to be owned by the same user as those processes are running under – but only if you can trust that user! If you can’t, then you’re probaby straight out of luck.