Hey DevNetwork,
I'm in the process of installing dotProject, and it has this message: "If the message 'World Writable' appears after a file/directory, then Permissions for this File have been set to allow all users to write to this file/directory. Consider changing this to a more restrictive setting to improve security. You will need to do this manually."
I've tried setting the folders to 775, and dotProject continues to say it can't write to them; but if I set them to 777, it will say it can write to the folders but puts 'World Writable' after it.
-- Edit: That is, if the Write permissions for the World aren't enabled (772, 773, 776, 777), it won't work, but if they are, it says 'World Writable'. It's an either-or, it seems... --
I'm on a shared Apache 1.3.x host; if there is anything else you might need to know to help me, I'll try to find it and post it here.
- Nathaniel
Allowing dotProject to write to folders without chmod 777?
I realise you posted this a good while ago, but I've been having the same problem / concerns and a search on Google didn't get me anywhere... apart from your post.
Did you ever find a solution?
From general Linux web dev I've found that I need to make folders world writable to be able to upload files to them from a browser, but that does seem a security risk to me...
It is a common issue with shared hosting - one Apache user (for all clients) and many FTP users (one for each client). The Apache user should have READ permission (and EXECUTE where it is expected, e.g. cgi-bin) on all files. If you want to upload a file using HTTP upload, then you have to chmod 0777 (by using your FTP user) the upload directory. The reasons for doing this are simple:
- 777 mode permits all users (including Apache) to have WRITE permissions on this directory - bad idea, but it is the only one working;
- chmod 770 is useless because if the Apache user (which is the one ALL clients have access to) is in the same group as your FTP user, then it is not "World writable", but "Apache user writable", which means all of the hosting clients still have write access to this directory;
- chmod 700 is useless because the Apache user wouldn't be able to write to this directory (owned by the FTP user).
In fact, there is a solution - using VirtualHosts for Apache and PHP. So, clients are able to open only their own files.
E.g.:
<VirtualHost *:80>
    ServerName example.com
    ServerAlias *.example.com
    User exampleuser
    Group examplegroup
    DocumentRoot /hosting/example.com/htdocs
    CustomLog "/wwwlog/example.com/access.log" combined
    ErrorLog "/wwwlog/example.com/errors.log"
    <Directory "/hosting/example.com/htdocs">
        AllowOverride AuthConfig Indexes Limit Options
        Allow from all
    </Directory>
    Include /usr/local/apache/conf/example.com-vhost.conf
    php_admin_flag engine on
    # Confine PHP file access to this client's tree (plus the shared PHP library path)
    php_admin_value open_basedir "/hosting/example.com/:/usr/lib/php/"
    php_admin_value doc_root /hosting/example.com/htdocs
    # Keep session and upload temp files inside the client's own directory
    php_admin_value session.save_path /hosting/example.com/tmp
    php_admin_value upload_tmp_dir /hosting/example.com/tmp
    php_admin_value sendmail_from admin@example.com
    # php_admin_value file_uploads on
    # php_admin_value upload_max_filesize 10M
    # php_admin_value post_max_size 10M
</VirtualHost>

There are 10 types of people in this world, those who understand binary and those who don't
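
The permission reasoning in the answer above, as an added example that is not part of the original thread: a Python sketch that applies the POSIX owner/group/other rule to the modes discussed (700, 770, 775, 777) for an upload directory owned by one FTP user. The account names, uids and gids are constructed for illustration.

```python
import stat

# Constructed accounts for illustration: (uid, set of gids).
ALICE = (1001, {1001})               # FTP user who owns the upload directory
BOB = (1002, {1002})                 # another hosting client's FTP user
APACHE = (48, {48})                  # shared web-server user, outside alice's group
APACHE_IN_GROUP = (48, {48, 1001})   # same user, added to alice's group

def can_write(mode, owner_uid, owner_gid, actor):
    """POSIX rule: only the first matching class (owner, group, other) counts.
    Models the write bit only; creating files in a directory also needs the x bit."""
    uid, gids = actor
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def world_writable(mode):
    """True when the 'other' write bit is set, i.e. any local account may write."""
    return bool(mode & stat.S_IWOTH)

def writers(mode, actors, owner_uid=1001, owner_gid=1001):
    """Sorted names of the actors that can write to a directory owned by alice."""
    return sorted(n for n, a in actors.items()
                  if can_write(mode, owner_uid, owner_gid, a))

def report():
    """Evaluate each discussed mode under both group layouts."""
    separate = {"alice": ALICE, "bob": BOB, "apache": APACHE}
    shared = {"alice": ALICE, "bob": BOB, "apache": APACHE_IN_GROUP}
    rows = []
    for label, actors in (("apache outside group", separate),
                          ("apache in group", shared)):
        for mode in (0o700, 0o770, 0o775, 0o777):
            rows.append((label, oct(mode), writers(mode, actors),
                         world_writable(mode)))
    return rows

if __name__ == "__main__":
    for label, mode, who, ww in report():
        print(f"{label:22} {mode:6} writers={who} world_writable={ww}")
```

In the "apache in group" rows, 770 and 775 are not world-writable, yet the shared Apache user can still write, which is the case the answer describes as "Apache user writable".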