Do I need to set file permissions to 755 on folders in a password-protected folder?

dougmcc1

The website I'm creating has an administration where all the scripts and include files are stored. It's password protected and has a file permission of 755.

Do I need to set the file permission to 755 on the folders within my administration as well or can they be 777 since it's password protected anyway?

I'm having trouble getting stuff to communicate in the admin. For example, when I run a script it creates a page from a template and tries to store it in a folder but it says permission denied on that folder unless I have the permission set to 777 on it.

So I'd rather just 777 everything in my admin and keep it password protected if that is secure. Thanks for your input.

LordShryku

When you say "password protected", you mean the website is password protected, right? From that aspect, depending on what method you use, the subfolder permissions don't matter. If you use custom sessions, it will only matter that you are checking for the right session permissions in your code. If you use .htaccess, any subfolders within the protected folder should require a login also. The folder permissions really only matter when accessing the server filesystem.

dougmcc1

The administration is password protected, not the whole website. And I am the only one who needs access to the administration so there aren't custom sessions.

"If you use .htaccess, any subfolders within the protected folder should require a login also"

What do you mean by 'should require'? It would be a good idea to password protect them also, or they should automatically be password protected?

I'm guessing you mean the latter because site.com/admin is password protected and when I type in site.com/admin/subfolder I'm also prompted for a password. Is that what you meant? And FWIW, I haven't done anything with the .htaccess file regarding security but I do use one to parse PHP in HTML files.

"The folder permissions really only matter when accessing the server filesystem"

What is the server file system? FTP?

Thanks.

laserlight

What do you mean by 'should require'?

well, if the .htaccess permissions are inherited properly, such an effect would take place.
the "should" is sort of a disclaimer in case they dont work as expected.

What is the server file system? FTP?

not quite, since FTP is a protocol, not a file system.
the server file system is just the directory hierarchy of files on the server, and the system that accesses/maintains it.