security help..

senectus · Post by **senectus** » Sat Apr 16, 2005 10:55 am

Could someone explain this in a little more detail?

# Serendipity ships world-writeable (777) to make installation easier.
# After the install is complete, you should change those base permissions to allow only your web-server user (e.g. nobody) to access the serendipity directory. All subdirectories should be writeable for the web-server user, all the files should be 644, unless otherwise contained in our installation archive.

I presume I need to chmod something... ?

Post by **garvinhicking** » Sat Apr 16, 2005 11:08 am

Yes, you should basically change the permissions so that only the webserver and your FTP user can read files.

The core directory serendipity/, the uploads/ folder, the templates_c/ folder and the files .htaccess and serendipity_config_local.inc.php must also be WRITABLE for the webserver user. Other files do NOT need to be writable for PHP/Webserver. Depending on your setup this would be 644 for most files, and only 664 or 666 for other files (744, 777 for directories).

If you plan to use Spartacus plugin, your plugins/ folder also needs to be writable.

Regards,
Garvin

security help..

security help..

Re: security help..