Permissions issue.

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
END OF SUPPORT: 1 January 2017 (announcement)
samsurfer117
Registered User
Posts: 5
Joined: Thu Sep 22, 2016 9:41 pm

Permissions issue.

Post by samsurfer117 » Sun Sep 25, 2016 8:51 pm

Hello!
I've followed the installation directions for phpBB 3.0.x and added full permissions (chmod 777) for the following directories;
-files/
-cache/
-store/
-images/avatars/upload/

Unfortunately I am planning to open my server to free shell accounts, and 777 permissions on these folders would be a blaring security hazard.

Is there any way to get away with permissions that are a tad bit more strict and still have phpBB 3.0.x run?

Lumpy Burgertushie
Registered User
Posts: 66342
Joined: Mon May 02, 2005 3:11 am

Re: Permissions issue.

Post by Lumpy Burgertushie » Sun Sep 25, 2016 9:30 pm

isn't offering free shell accounts a very big security concern to start with?

as to your question;

the files folder is for attachments. if you do not allow attachments then you don't need that folder to be writeable.
store folder only needs to be writeable if you make database backups from the admin panel and have them stored there.

images/avatars/upload only needs to be writeable if you allow users to upload their own avatars.

the cache folder needs to be writeable for the board to operate correctly.

you can try reducing the chmod permissions and test. sometimes 777 is not required.

I have never heard of a single case of a server being hacked into because of a folder with 777 permissions but I guess it would be possible.

and, last but not least; why are you installing a version of phpbb that has reached end of life and that official support will cease for at the end of this year? 3.1 end of life will probably happen before too long since 3.2 is just around the corner.

robert

samsurfer117
Registered User
Posts: 5
Joined: Thu Sep 22, 2016 9:41 pm

Re: Permissions issue.

Post by samsurfer117 » Sun Sep 25, 2016 9:57 pm

Yes. Free shells are dangerous, but I'm working on that.

What I've found is that executing;
<?php echo exec('whoami'); ?>
Yields;
www-data

So the 'user' for PHP is www-data.

Theoretically speaking, chowning the aforementioned directories to www-data;
sudo chown www-data directory/
and then chmoding the aforementioned directories to 7xx;
sudo chmod 700 directory/
for example would probably do it.

Does any of this scan?

P.S. I forgot I upgraded to phpBB 3.1.x.

stevemaury
Support Team Member
Posts: 50512
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve

Re: Permissions issue.

Post by stevemaury » Sun Sep 25, 2016 11:23 pm

There are not and never have been any security issues using the CHMOD permissions in the installation instructions.

samsurfer117
Registered User
Posts: 5
Joined: Thu Sep 22, 2016 9:41 pm

Re: Permissions issue.

Post by samsurfer117 » Mon Sep 26, 2016 12:56 pm

I'm going to be hosting open shells on my machine. Therefore yes, any directory with 777 permissions would be an extremely potent vulnerability.

Anyways I found the answer to the question;
http://stackoverflow.com/questions/9133 ... ermissions

It involves using chown and chmod to set the owner of the directories as www-data, which is, as stated above, the user that PHP runs under.

So...
sudo chown www-data store/
sudo chown www-data cache/
sudo chown www-data files/
sudo chown www-data images/avatars/upload/
sudo chmod 700 store/
sudo chmod 700 cache/
sudo chmod 700 files/
sudo chmod 700 images/avatars/upload/

You can change the other permissions to the directories if you want using...
sudo chmod 7xx directory/
...but I highly recommend that the second and third number NOT be 7 (full read/write/execute). Read is just fine, which is 4 in chmod.

So it would be either...
sudo chmod 700 directory/
OR
sudo chmod 744 directory/
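
Added example, not part of the original posts: a shell audit that checks the four writable phpBB directories named in this thread for the expected owner and for group/other write bits, and also counts world-writable entries left inside them from an earlier 777 setup. The function names audit_dir and audit_board are hypothetical, and stat -c and find -mindepth assume GNU coreutils/findutils.

```shell
#!/bin/sh
# Added example (not from the thread). audit_dir/audit_board are hypothetical names.
# The directory list is the one given in the thread.
BOARD_DIRS="files cache store images/avatars/upload"

# audit_dir DIR OWNER
# Returns 1 (and prints why) if DIR is missing, is not owned by OWNER, gives
# group/other a write bit, or contains world-writable entries.
# Modes 700 and 744 pass; 777 fails.
audit_dir() {
    dir=$1; owner=$2; rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir"; return 1
    fi
    cur_owner=$(stat -c '%U' "$dir")
    mode=$(stat -c '%a' "$dir")
    if [ "$cur_owner" != "$owner" ]; then
        echo "OWNER    $dir: owned by $cur_owner, expected $owner"; rc=1
    fi
    # The leading 0 makes the shell read the mode as octal; 022 = group+other write.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $dir: mode $mode lets group/other write"; rc=1
    fi
    # chmod on the directory does not touch what is already inside it.
    loose=$(find "$dir" -mindepth 1 ! -type l -perm -0002 | wc -l)
    if [ "$loose" -gt 0 ]; then
        echo "CONTENTS $dir: $loose world-writable entries inside"; rc=1
    fi
    return $rc
}

# audit_board ROOT [OWNER]  (OWNER defaults to www-data, the PHP user in the thread)
audit_board() {
    root=$1; owner=${2:-www-data}; failed=0
    for d in $BOARD_DIRS; do
        audit_dir "$root/$d" "$owner" || failed=1
    done
    return $failed
}

# Stand-alone use: sudo sh audit.sh /path/to/board [owner]
if [ "$#" -gt 0 ]; then
    audit_board "$1" "${2:-www-data}"
fi
```

Run it as root (for example through sudo), because a 700 directory owned by www-data cannot be listed by any other account.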
