Support » Fixing WordPress » chmod /tmp/ 777?

  • levin71

    (@levin71)


    Should I chmod my root /tmp/ directory to 777 so WP could access the directory? If so, how can I make sure the directory will be safe?

Viewing 5 replies - 1 through 5 (of 5 total)
  • MattRead

    (@mattread)

    Yes.

    Safe? Make the files in it have the right perms.

    levin71

    (@levin71)

    But, even if I can protect the existing files, doesn’t it still allow others to put or execute files in the directory? I asked this because it happened already.

    whooami

    (@whooami)

    Member

    yes it does.

    levin71

    (@levin71)

    Sorry, I think I’ve not got my concern solved here. Let me rephrase my question: “How can I chmod /tmp/ 777 without risking my server security?” A few days ago, when I chmod 777 the directory, someone compromised my server. Can anyone give me a solution?

    Thanks a lot..

    whooami

    (@whooami)

    Member

    “How can I chmod /tmp/ 777 without risking my server security?”

    Is this your own box? Assuming it is, the only way to reduce the risk (using those settings) is to make sure you chose wiesly about who you allow access, and what sort of access you allow, and what sort of applications you allow them access to.

    Read up on NIX security — there are 100’s of good web sites that have pointers and tips.

    Anyone with shell access can wreak havok with a wide open /tmp dir. Less so with just web access, but it can be done all the same.

    One better solution is to stick with only allowing world-writable files or directories inside a user’s /home directory, atleast than it’s “localized” grief.

    Lastly, and even more generally, stay current with your distros updated packages.

    ** Alot of this isnt just NIX advice either obviously.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘chmod /tmp/ 777?’ is closed to new replies.