file permissions on wp-config.php?

carbohydrate
(@carbohydrate)

20 years, 10 months ago

hi! i just got WP up and running following the wiki instructions. right now, wp-config.php is set to 644 root:root. as you know, this file contains the mysql dbase username:password. when i was installing WP, the wiki instructions had me grant all privileges to the dbase to the user in the world readable file wp-config.php.

i dont have any local users on this box, but as you could imagine, having a world readable file with the credentials of a privileged dbase user doesnt make me feel comfortable. i think chowning the file to the apache user and the chmod 640 would do the trick, but i was wondering if there might be any problems in doing this or was there something i missed in the wiki? sorry if i overlooked something. thanks!

Viewing 9 replies - 1 through 9 (of 9 total)

moshu
(@moshu)

20 years, 10 months ago

Try to read my “word readable” config file:
http://www.transycan.net/blogtest/wp-config.php

(answer plagiarized from Podz 🙂

Thread Starter carbohydrate
(@carbohydrate)

20 years, 10 months ago

thanks for the reply. thats reassuring to know that!

but my question had to do more with local users actually logged into the server via telnet, ssh, or whatever… they could easily read the file. in my case, i have no such users (besides myself) but suppose some other service gets compromised and someone gains access as whatever user the daemon was running as, they could tool my dbase. of course, they could do other things that hit harder (root kit, etc), but i was just wondering if there was a way to lock this down a bit more, just out of curiosity.

thanks again

Moderator James Huff
(@macmanx)

20 years, 10 months ago

but my question had to do more with local users actually logged into the server via telnet, ssh, or whatever… they could easily read the file.

That is a risk in every shared hosting environment. The only preventative measure is your hosting account and FTP login password. So, make it a really good password. Try using your own, unique DNA sequence, inter-mixed with numbers familiar to yourself, like your High School ID number, or a former credit card.

Thread Starter carbohydrate
(@carbohydrate)

20 years, 10 months ago

macmanx,

i was afraid that would be the answer!

vkaryl
(@vkaryl)

20 years, 10 months ago

Idle curiosity question, macmanx: how would one go about finding one’s own unique DNA sequence?

[We didn’t have “ID” numbers in high school. I have to assume that’s something instituted since I graduated – in the mid 60s….]

Pizdin Dim
(@pizdin_dim)

20 years, 10 months ago

I always configure all files in my web directories to chmod 640 and chown root:httpd, where httpd is the apache web server user. Likewise, directories are configured to chmod 750. I can’t think of any reason why you’d want to chmod files to 666 and directories to 777, WordPress certainly doesn’t need it.

Thread Starter carbohydrate
(@carbohydrate)

20 years, 10 months ago

thanks pizdin, Ill give that a try. I was going to chown them to httpd:httpd, but root:httpd sounds much better.

Moderator James Huff
(@macmanx)

20 years, 10 months ago

Idle curiosity question, macmanx: how would one go about finding one’s own unique DNA sequence?

You’d have to get a blood sample and then find a blood lab that’s kind enough to do the analysis for free, or hope that they have low prices. You could also find a generous med student who might be looking for a project to do.

angsuman
(@angsuman)

20 years, 10 months ago

@carbohydrate
Go for at least VPS hosting, provides more protection.

@vkaryl
Getting you whole human DNA sequenced is a herculean job. But you can easily get certain segments sequenced freely. Do a HLA profile by registering as a kidney donor. You will get allelles for each locus.