WordPress.org

Ready to get started?Download WordPress

Forums

chmod /tmp/ 777? (6 posts)

  1. levin71
    Member
    Posted 8 years ago #

    Should I chmod my root /tmp/ directory to 777 so WP could access the directory? If so, how can I make sure the directory will be safe?

  2. MattRead
    Member
    Posted 8 years ago #

    Yes.

    Safe? Make the files in it have the right perms.

  3. levin71
    Member
    Posted 8 years ago #

    But, even if I can protect the existing files, doesn't it still allow others to put or execute files in the directory? I asked this because it happened already.

  4. whooami
    Member
    Posted 8 years ago #

    yes it does.

  5. levin71
    Member
    Posted 8 years ago #

    Sorry, I think I've not got my concern solved here. Let me rephrase my question: "How can I chmod /tmp/ 777 without risking my server security?" A few days ago, when I chmod 777 the directory, someone compromised my server. Can anyone give me a solution?

    Thanks a lot..

  6. whooami
    Member
    Posted 8 years ago #

    "How can I chmod /tmp/ 777 without risking my server security?"

    Is this your own box? Assuming it is, the only way to reduce the risk (using those settings) is to make sure you chose wiesly about who you allow access, and what sort of access you allow, and what sort of applications you allow them access to.

    Read up on NIX security -- there are 100's of good web sites that have pointers and tips.

    Anyone with shell access can wreak havok with a wide open /tmp dir. Less so with just web access, but it can be done all the same.

    One better solution is to stick with only allowing world-writable files or directories inside a user's /home directory, atleast than it's "localized" grief.

    Lastly, and even more generally, stay current with your distros updated packages.

    ** Alot of this isnt just NIX advice either obviously.

Topic Closed

This topic has been closed to new replies.

About this Topic