Directory Deletion

brendan2b

Is their any way that someone can access a directory on my site and delete all the contents in it? I have all my uploads in one folder, so what chmod should I set it to so people can still upload files without them having anymore access to the folder? I just want to make sure everything is secure.

Thanks.

NogDog

If you do not want any other user to be able to delete a file or directory, then make sure only the file owner has write access (2). Thus the chmod values for the last two digits must be either 5 (read + execute), 4 (read only) or 0 (no access). So assuming you still want to be able to write/delete them, anything like the following for chmod:

644 (owner read/write, all others just read)
755 (owner read/write/exectue, all others read/execute)

Of course, you want to make sure your login and FTP passwords are secure and not easy to guess (best to use upper and lower case letters plus numbers and special characters). But if someone should crack the host's root (superuser) login/password, it doesn't matter how secure your password is. 🙁

brendan2b

When I changed it to 755 however, I was not able to upload files. I have an index.php file in there so people can't see the contents of the folder, but really how secure is it?

NogDog

That's one of the annoying problems with PHP installed as an Apache module on a shared server: the scripts are run under a separate user account rather than under your personal account, so if you want your script to be able to write to or delete a file, then you have to give write permission to all on the directory/files in question.

brendan2b

So the best I can do is just put an index file there and pray that no one wants to try to hack it and delete it?