Why use 777 for image folder?

[Bighawk]

Folders are 755, except for 'images' and 'graphs' which are 777.

 

Why would anyone require more than 644 on the image folder?

Other than the owner why would anyone need to 'r' or 'x' the image folder?

[Bighawk]

Other than the owner why would anyone need to 'r' or 'x' the image folder?

 

Sorry should read

Other than the owner why would anyone need to 'w' or 'x' the image folder?

[tina_boots]

Sorry should read

Other than the owner why would anyone need to 'w' or 'x' the image folder?

 

In general when you say FTP into your site you are authenticated as the owner. And if that were the only way you ever modified a file in a particular folder then you would not require 777, 644 would suffice. However when you connect to the web site via a browser, you are doing so anonymously. Even if you are using .htaccess, that does not go to the operating system to check credentials.

 

So in this particular case you are most likely adding an image for a product using the utility in your admin console. In other words connecting through a browser anonymously and therefore that "account" needs to have the rights to write to the folder.

 

Be well,

Tina

[AlanR]

So in this particular case you are most likely adding an image for a product using the utility in your admin console. In other words connecting through a browser anonymously and therefore that "account" needs to have the rights to write to the folder.

That's not accurate.

 

It's about which user php is running as.

 

If you read through this thread you'll understand the issue. In this case php is running as user nobody and nobody is not the owner of the folder or in the group which has access to the folder. He has to run 777.

 

http://www.oscommerce.com/forums/index.php?showtopic=189282

 

nobody needs to be able to write to the folder so the only way to let nobody write to the folder is to give the folder world write permissions.

 

This is not always the case, on the servers I use php identifies itself as my user so I have no need to set the image folder permissions higher than 755 and I never would.

 

You can find out which user php runs as by running this little script. Just name it whoami.php

 

<?php
// outputs the username that owns the running php/httpd process
// (on a system with the "whoami" executable in the path)
echo 'php is running as user: ' . exec('whoami');
?>

 

Bottom line: Set the write permissions as low as you can and still have the store function.

[♥Vger]

I know that's my quote. Because I answer so many posts I do try to make my advice as generic as possible, but Alan R's advice is sound. I have never had to use more than 755 for the images folders, but (unfortunately) many people do need to use 777 - simply because of their server set-up. And it's not just confined to the "one wannabe geek and his server" operations but also applies to some big hosting companies.

 

Vger

[tina_boots]

That's not accurate.

 

It's about which user php is running as.

 

I stand corrected, thank you for correcting my erroneous information.

 

Tina

[Bighawk]

Thanks for the help. I now have a much better understanding with the rational.

 

Alan's thread helped. whoami.php says I?m a somebody.

 

Vger... your too good... can't get any of those quotes past you. Your input is always appreciated!

 

 

Regards