Topic: permissions

I have had to set my permissions to -rwxrwxrwx for svmanager to work otherwise it doesn't work.  would someone be able to explain to me what security risks are really involved with setting it this way?  Also when svmanager creates its own files they have -rw-r--r-- permissions set then it complains that it can't access those files.  How can I tell svmanager to set  -rwxrwxrwx for whatever files it creates

Re: permissions

This is my understanding to the best of my knowledge and I'm not a specialist in server security. Comments from other forum members are (as always) welcome.

It depends on how your server is set-up.  The danger is that another user on your server could modify or delete your files. So it has to be somebody with malicious intent who already has access to your server, not just anyone out there on the Internet. It's not unusual to have to use rwxrwxrwx (aka 0777) permissions so most administrators of shared hosts will have taken extra steps to prevent their users from interfering with each other. Ask your server admin/helpdesk what precautions are in place to protect your files from other users if you use rwxrwxrwx permissions.

It's worth noting that usually it's not necessary to set everything to rwxrwxrwx, just certain files and folders that are listed in the user manual.

It's unusual for a script to have problems accessing the files that it creates itself. Again, it depends on the server setup but usually, the script becomes the owner of the files  and the first part of the -rw-r--r-- gives read/write access to the owner.

However, svManager does have a way to control the permissions on new galleries. Or at least to try to set the permissions if the server will allow it. Edit the file svmanager/includes/constants.php and find the following lines:

// Attempt to set permissions on new gallery folders (default is false)
define('NEW_GALLERY_CHMOD', false);
// Permissions for new gallery folders (only if NEW_GALLERY_CHMOD is true)
define('NEW_GALLERY_DIR_MODE', 0755);
// Permissions for files inside new galleries (only if NEW_GALLERY_CHMOD is true)
define('NEW_GALLERY_FILE_MODE', 0644);

Change NEW_GALLERY_CHMOD to true (no quotes) and the permissions to what you need – you may have to experiment a little.

And to anyone who is reading this and has a web site, with or without svManager, here is some really boring but good advice – the person who is most likely to screw-up your website is the person with the fullest and most frequent access to it – that's you – so take regular backups!

jack

Jack Hardie
SimpleViewer Support Team.

Re: permissions

thanks for the reply it was just what I was looking for.  It would be helpful to include some of these things in the help document for svmanager.  The "owner" of these documents is "99" but my server seems to reset itself and set all documents to myself as the owner so luckily after a bit of time has past I can alter the files.  Is there a way I can just change what user it uses and just set my admin username and pass for my webserver within svmanager.

Re: permissions

It's theoretically possible for a script to change the owner of the files but in practice it rarely works because the server admin has blocked it, so this is not included in svManager.

jack

Jack Hardie
SimpleViewer Support Team.