On a VPS if you enable PHP with SuEXEC, then permissions can not be set to 777 and all functions should work properly with 755. Perhaps you can recompile PHP differently?
CHMOD 777 is never a good idea, IMO, but I believe the risk is indeed less if it’s only the one site hosted on the server. Still, make sure you have other security measures in place such as mod_security, csf firewall, etc.
Hi ANA Designs,
Thanks for the quick reply.
I just had a look and Plesk has a fairly limited set of options with regards to the PHP Settings.
I don’t see a SuEXEC option anywhere, it is currently set to run PHP as an ISAPI Extension?
Regards
Tbone17
Ah, my mistake….suPHP is the configuration available for Plesk servers. However, it does not come by default nor can be enabled from Plesk. It has to be done manually by creating a special wrapper for Plesk to make suPHP actually work with Plesk System. I don’t know how to do this as I use WHM to compile PHP.
Having WHM with a VPS is a invaluable for half-techies because you can do this sort of stuff with only a couple of clicks.
Sorry to not be of more assistance. Perhaps googling will help, or maybe someone with more knowledge of Plesk can chime in.
Hi Tbone17,
Obviously on a shared hosting platform this would be a security risk but does this matter on a private server?
Yes, it does matter.
Disclaimer: I never used IIS or Plesk.
But, I was in a situation where I had to do two following things to install plugins and update the WordPress core on a particular VPS server.
- chown -R user:group_of_webserver /path/to/public_html/
- chmod -R g+w /path/to/public_html
As you might guess, it is a tedious work to do the same after every update of each plugin used. If we add any caching plugin that needs writing permissions on a particular directory, then it becomes even more complex. After each update, the permissions need to be reversed too.
In this case, the best thing to do (disclaimer:I’m not doing it), is to switch the installation to SVN set up and make a script to run at the end of every day.
Again, if you are setting up SVN, there are two ways to do. One is using the trunk version (that might have bugs, even though they are bug fixes at times) and other is using the stable tag/version. In the case of using stable tags, I have not done any automation. There may be a way that someone else could help!
Anyway, it’s best not to use 777 at any VPS even if it is the only site.
777 permissions are a security risk in any situation. It sounds like you have to use the 777 perms because the file is not owned properly. Thus, allowing the “World” to be able to have open permissions fixes the issue.
