Interesting point you made:
Sadness has no value (from what I can see) concerning survival of the fittest.
It seems to have no point in survival of the fittest situations. In fact, it would seem to have a negative effect for survival from an evolutionary standpoint.
It is good that you have found this out! Sleep is very important for stress relief, good health and a whole mess of other things. :)
In any case, I changed it from 777 to 766 in the original post. This will still allow write access but removes execute. You have to picture the situation: Apache was running as UserA while all of the files under Joomla are owned by UserB on the system. UserA, which is executed by Joomla using Apache, can't write UserB's /tmp folder unless the "other" flag has access. This is because I've mucked up the owner permissions moving between so many servers.
Thanks for pointing that out though. :) Nice looking blog site you have!
Increasing the tmp folder to 777 means you've only added the ability to write for all users and groups. While that may sound insecure, it only means users of the system can access that directory with full privs. Therefore, running on a private system with no other system users, 777 for a tmp directory is fine. Not to mention, your system default /tmp directory is 777:
drwxrwxrwt 34 root root 4096 Jul 8 09:18 tmp
You could use 757 or 766 instead, which will prevent execution (this is probably better than my stated 777 above). I've also added a second option, if your account has the ability to change owner and group (most do not).
You can also change your temp folder in global configuration / server and move it outside of the public view, if you are worried about that. You may even be able to use the root /tmp folder; however, some servers will block PHP access outside of the home directory with PHP open_basedir.
To comment on the FTP layer... FTP transmits passwords using clear text. In business audits for networked systems you are not even allowed to use FTP to connect to any minor business network for this reason. You are basically blasting your account password across the web to anyone that has a sniffer.
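Added example (not part of the original comments): a short Python script that decodes the directory modes mentioned above (777, 766, 757 and the system /tmp listing `drwxrwxrwt`) into what each class of user can do with a directory. The function names `dir_access` and `ls_string` are illustrative, and the rules applied are the standard POSIX ones for directories.

```python
import stat

def ls_string(mode: int) -> str:
    """Render permission bits the way `ls -ld` shows them for a directory."""
    return stat.filemode(stat.S_IFDIR | mode)

def dir_access(mode: int) -> dict:
    """Report what owner, group and other can do with a directory of this mode."""
    report = {}
    for who, shift in (("owner", 6), ("group", 3), ("other", 0)):
        bits = (mode >> shift) & 0o7
        r, w, x = bool(bits & 4), bool(bits & 2), bool(bits & 1)
        report[who] = {
            # r: read the list of entry names
            "list_names": r,
            # x on a directory is the search bit: needed to reach any entry in it
            "enter_or_open_files": x,
            # creating or deleting entries needs write AND search together
            "create_or_delete": w and x,
        }
    # Sticky bit (the trailing 't'): only a file's owner, the directory's
    # owner or root may delete or rename entries, even if others can write.
    report["sticky"] = bool(mode & stat.S_ISVTX)
    return report

if __name__ == "__main__":
    # Modes taken from the comments above, plus 1777 as used by the system /tmp.
    for mode in (0o777, 0o766, 0o757, 0o1777):
        acc = dir_access(mode)
        print(f"{mode:04o} {ls_string(mode)} sticky={acc['sticky']}")
        for who in ("owner", "group", "other"):
            print(f"    {who:5} {acc[who]}")
```

Run it to compare the four modes side by side; the `other` row is the one that applies when the web server user is neither the owner nor in the group of the folder.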