CHMOD 777

[keat]

V6.0.1

 

I've found that the site won't work quite correctly without a number of folder permissions being set to 777.

Cache & Files for instance.

 

I always assumed that 777 was a security risk ?

[Al Brookbanks]

CubeCart should detect the correct writable value. 0755 should be fine in many circumstances. The code to detect the correct value probably doesn't always get it right. 

[havenswift-hosting]

I've found that the site won't work quite correctly without a number of folder permissions being set to 777.

Cache & Files for instance.

What php handler is running on the server where you site is installed - you will not be running suPHP or FCGI with suExec, which is recommended for security and allows / forces 755 permissions on all directories

I always assumed that 777 was a security risk ?

Having 777 permissions on any directory is a big security risk, especially if you are on a shared hosting platform. Any security hole on any other account on that whole server opens up all 777 directories to being written to and having files executed from by the hacker.

Ian

[keat]

I have my own dedicated server.

Running PHP 5.3.29 (can't upgrade any higher at the moment due to incompatibilities with V3)

Handler is DSO

 

Apache Mod_Ruid2, and SUexec

[keat]

The minute i change all folders back to 755, i have issues.

For instance, in the products inventory or products overview, the font size increases.

This goes back to normal if i chmod the cache folder to 777 or 757.

 

If i try to print a customer order form, I receive "not possible to generate printable file", but i've not yet determined which folder this is.

 

For the time being, until i can be sure of security, i've changed all folders to 755.

[Al Brookbanks]

That suggests to me that errors are being displayed at the top of the screen? That normally throws the font size out of whack.

[havenswift-hosting]

Hi

You are using DSO so all scripts are executed using the Apache user "nobody" hence needing 777 directory permissions. Why not simply use suPHP if that is what you are trying to achieve or alternatively FCGI with suExec but be aware that you need a LOT of memory for this last option although might be best due being able to use opcode caching.

If you have somebody that manages your server for you then ask them for advice / to change this. If you do this yourself, then you need to understand the differences and implecations of the different php handlers. A good introduction is the one by Chris Wiegman https://www.chriswiegman.com/2011/10/fastcgi-vs-suphp-vs-cgi-vs-mod_php-dso/. He was the developer who wrote the most widely used security plugin for WordPress (later sold to iThemes). suPHP is now faster than it was but the choice between suPHP and FCGI with suExec needs to be taken on a case by case basis

Ian

[keat]

SUphp isn't compatible with Ruid2, and it was suggested on the WHM forum that Ruid2 was a better security feature than SUphp, hence the reason i'm running DSO.

[havenswift-hosting]

SUphp isn't compatible with Ruid2, and it was suggested on the WHM forum that Ruid2 was a better security feature than SUphp, hence the reason i'm running DSO.

That's OK then - you obviously have it all under control !

[keat]

FCGI.. what would be regraded as a lot of memory to run this ?

[keat]

If this info helps anyone else,

 

Then this evening I reconfigured my PHP config.

I removed PHP Mod_Ruid2 and switched to SUphp  with SUexec and initial signs would indicate the permissions thing may be fixed.

 

 

I wouldn't expect everyone to understand any of that, but it might just help someone in the future.

 

More testing tomorrow during work time.