4

I am using the Bolt CMS. I want to take it to production, however I just noticed that the documentation and other tutorials ask me to do this:

```
chmod -R 777 files/ app/database/ app/cache/ app/config/ theme/
```

I am not a security expert, but from what I've read 777 is usually a bad idea. I understand that the uploads and cache dirs need to be 777, but I'm not sure why the others are required.

I wanted to know:

  1. What are the security risks involved, if any?
  2. Is there another way to set up Bolt, or are there workarounds, for production?
0_0

3 Answers

3

You need

  • files/ for upload
  • app/database/ for the database if you are using SQLite; not necessary for MySQL and PostgreSQL
  • app/cache/ for cache
  • app/config/ and theme/ if you want to edit your config or template files over the backend of Bolt CMS. It is more secure to not allow this and to edit them over SSH or FTP.
S. A. Kıyak
  • Thank you. I was really confused with `database`, `config` and `theme` requiring 777 – 0_0 Jun 20 '14 at 09:42
0

777 means everyone can read, write and execute anything in that dir. If you are concerned about security, you may try this solution.

You can deny execution from the web by using an Apache rewrite rule:

```apache
Order Deny,Allow
Deny from All
```

Community
  • Could you please add the important part from that link into your answer, so that the answer is still valid even if the link dies? – KhorneHoly Aug 19 '14 at 10:39
0

777 is very insecure but it depends on the configuration of your web server.

You should try setting it to 755 (only the owner can write); if that doesn't work, try 775 (owner and group can write). Only use 777 as a last resort.

Online Sid
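An added example, not part of any answer above or of Bolt's documentation: it gives group write access only to the directories the first answer lists as needing it, uses the 775/755 modes from the last answer, and then reports anything still world-writable. It assumes the deploy user owns the tree and the web server runs in a group such as `www-data`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: least-privilege alternative to `chmod -R 777` for a Bolt tree.
# Assumptions (not from the page): the deploy user owns the files and the web
# server process belongs to the group passed in (www-data on Debian/Ubuntu).

# Directories Bolt writes to at runtime, per the first answer.
# app/database is only needed with SQLite; remove it for MySQL/PostgreSQL.
WRITABLE_DIRS="files app/database app/cache"
# Only needed for editing through the backend; kept read-only for the web group.
READONLY_DIRS="app/config theme"

# set_tree <path> <dir-mode> <file-mode>: separate modes for directories and
# files, so regular files never get the execute bit a recursive 775 would add.
set_tree() {
    find "$1" -type d -exec chmod "$2" {} +
    find "$1" -type f -exec chmod "$3" {} +
}

# harden_bolt <bolt-root> <web-group>
harden_bolt() {
    root=$1
    group=$2
    for d in $WRITABLE_DIRS; do
        [ -d "$root/$d" ] || continue
        chgrp -R "$group" "$root/$d" || return 1
        set_tree "$root/$d" 775 664    # owner and web group may write
    done
    for d in $READONLY_DIRS; do
        [ -d "$root/$d" ] || continue
        set_tree "$root/$d" 755 644    # only the owner may write
    done
}

# world_writable <bolt-root>: print every entry "other" can still write to.
world_writable() {
    find "$1" ! -type l -perm -002 -print
}

# Run as a script: ./harden-bolt.sh /var/www/bolt www-data
if [ "$#" -eq 2 ]; then
    harden_bolt "$1" "$2" && world_writable "$1"
fi
```

Empty output from `world_writable` means no path under the Bolt root is writable by arbitrary local users.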