Is setting CHMOD to 777 Dangerous?

[curtdonohue]

I'm trying to install Prestashop and spoke with the technical support representative from BlueHost regarding questions I had on setting the file permissions to 777 as stated in the following installation instructions:

While you have your FTP connected to your Web hosting server, make sure the following PrestaShop folders have ‘write’ permissions (also known as “CHMOD 777” – explanation of file permissions here) but do not apply these permissions recursively (to their subfolders): /config, /upload, /download, /tools/smarty/compile. Then make sure the following folders have ‘write’ permissions and apply these permissions recursively (to their subfolders): /img, /mails, /modules, /themes/prestashop/lang, /translations

They were very concerned that anyone could harm my website because I was providing full privileges to any user who happened to be on my website. The tech support rep gave me the analogy of leaving the keys in my car with the doors unlocked on a busy street in a bad part of town. In other words. someone will take advantage of this unrestricted permission setting.

Can you help me understand why I need to have permissions set to 777? Will 755 work? What risks are there by setting those particular folders to 777? Thanks in advance.

[rocky]

Yes, it is dangerous to set chmod 777 permissions. You should only use chmod 755 for directories and chmod 644 for files. You should only use chmod 777 on older servers where chmod 755 causes write problems, though it would be better to go to a different host that does work with chmod 755 in that situation.

[curtdonohue]

Thank you. Good to know.

[Pami]

For windows permission foldres write 777 download cute ftp - globalscape it works!

[uGoGo]

Thank you Rocky

I was also quite worried about the 777, so I will change all folders back to 755 and files to 644.

But is there a way to advise prestashop to update their wiki, then, because it means many users may get this danger.

[rocky]

PrestaShop has already been advised of this issue on the bug tracker, but they decided not to change the wiki. They say some servers require chmod 777 to work, so they would rather have instructions that work for everyone.

[uGoGo]

Ok, wow, thats hectic.

So how would someone know if 755/644 would work on their server or not, I suppose just trial and error?

BTW its works for me just fine, one of the easiest cart software I have found, very very smooth.

[jhnstcks]

On servers that run suPHP permissions 777 and 666 dont work, if you try to access anything with these permissions it will give a 500 server error. These servers require every folder to be 755 and every file to be 644.

[shahriar]

Yes, it is dangerous to set chmod 777 permissions. You should only use chmod 755 for directories and chmod 644 for files. You should only use chmod 777 on older servers where chmod 755 causes write problems, though it would be better to go to a different host that does work with chmod 755 in that situation.

i just move my shop to other host , at first i had many error and after i turn on debug i see all my problem come form permission of file and folder , in new host i have to set all cash file permission as 777 otherwise i will get error and withe page . same files in my old host set as 644 and the site working well .

 

Can u tell me what shall i do that in new server i can to set files permission on 644 without any error ? 

[selectshop.at]

Correct settings for PS 1.5 x.:

 

The following folder should have write permissions (CHMOD 0750 or 0755): Some hosters do not support 0755 and allow only 0750

/cache
/cache/cachefs
/cache/smarty
/cache/smarty/cache
/cache/smarty/compile
/cache/tcpdf
/classes
/config
/config/xml/
/controllers
/css
/docs
/download
/img
/js
/localization
/log
/mails
/modules
/override
/pdf
/themes/default/cache
/themes/default/lang
/themes/mein Thema/cache
/themes/mein Thema/lang
/translations
/upload
/webservices

All other files  should have write permissions CHMOD 0640 or 0644  (exception for .htaccess, robots.txt and sitemap.xml - CHMOD 0664)

[shahriar]

Correct settings for PS 1.5 x.:

 

The following folder should have write permissions (CHMOD 0750 or 0755): Some hosters do not support 0755 and allow only 0750

 

/cache

/cache/cachefs

/cache/smarty

/cache/smarty/cache

/cache/smarty/compile

/cache/tcpdf

/classes

/config

/config/xml/

/controllers

/css

/docs

/download

/img

/js

/localization

/log

/mails

/modules

/override

/pdf

/themes/default/cache

/themes/default/lang

/themes/mein Thema/cache

/themes/mein Thema/lang

/translations

/upload

/webservices

 

All other files  should have write permissions CHMOD 0640 or 0644  (exception for .htaccess, robots.txt and sitemap.xml - CHMOD 0664)

Thank you , i will go to check how it will works 

[shahriar]

when started to change permission site explode , so i copy all files again , to new host .

 

Friendly URL : OFF

Debug : ON

 

then i went to Regenerate thumbnails

 

i got this error 

Cannot write "No picture" image to (categories) images folder. Please check the folder's writing permissions.

i changed this folder permission to 0750 , 0755 , but still got same error

 

/img

/img/c

/img/tmp

 

i dont know why my host like that , is it possible becuz of apache server ?

apache server is 2.2.16

[selectshop.at]

The error states that there are no pictures available on folder. Please check. Perhaps your provider does not support chmod 0750(5) too. Please ask him. In this case you should set 0777, but as stated before there is a safety risk. You should search for a better provider in this case...

[shahriar]

The error states that there are no pictures available on folder. Please check. Perhaps your provider does not support chmod 0750(5) too. Please ask him. In this case you should set 0777, but as stated before there is a safety risk. You should search for a better provider in this case...

im running site on my own server , i have 3 physical firewall front of it , also install lastest ver of , PHP , Apache , mysql and etc. and everything working well . 

 

on this server was ran a shop before (but wasn't prestashop) , since i decided to shif to prestashop . 

can you tell me how can i set chmod for my server ? i have linux debian 

[selectshop.at]

CHMOD for files you set on FTP with Filezilla for example.Right mouse click on folder or file and change CHMOD.

[shahriar]

CHMOD for files you set on FTP with Filezilla for example.Right mouse click on folder or file and change CHMOD.

i didnt install FTP on my server , only SSH access and winSCP , with winSCP o can to change permission .  

the problem is only if i make them as 0777 site working , all folder and file above should be 0777 . i dont know CHMOD is a module of apache?

[prestamax]

If your server requires 777 chmod check if you have the option to run php as fastcgi.

If you change the php settings to fastcgi permission problems will be gone in most cases and no need to use unsecure 777 settings.

Some hosters have fastcgi as option in their settings others give this option through .htaccess entry.

Edited January 17, 2014 by prestamax (see edit history)

[selectshop.at]

You are running an Apache or an IIS ? For Win-Servers you cannot set file permissions. Right permissions are set only on an upper instance and they are not flexible.

 

With winscp you access your FTP and can also set permissions (CHMOD) by folder and/or files, but only on Linux-Servers. Winspc is the same as filezilla, it is a FTP Client tool and works for Windows-Server and also for Linux. If you are running Windows-Server than you have to convert your .htaccess to a web.config. IIS has integrated a tool for this. Check on your panel.

 

By the way, after one year problems running prestashop on a windows-server I get back to linux. Although Prestashop also runs on Windows there are several problems with rewriting and permissions (and this each time you install a new module or feature). As from my experience I don't think that Windows-Server are ideal partners for to host Prestashop.

Edited January 19, 2014 by selectshop.at (see edit history)

[hakeryk2]

On 16.01.2014 at 9:48 AM, selectshop.at said:

Correct settings for PS 1.5 x.:

 

 

Are these are correct for 1.6.1.* as well? I am askiging specific for /controllers/ because I had 750 instead of 755 and I don't know if it is safe to do so.

Edited January 31, 2018 by hakeryk2 (see edit history)