I'm wishing I had taken Jason's offer instead of going with the host I'm at now. I don't know what SUExec David is referring to, but the one run on my host is plain STUPID!!!!
From my host...
Beyond webroot protection, which is very necessary for security reasons, we run a standard Apache Suexec setup.
Why, under a Suexec setup, does even a text file have to have 777 for a script to read & write to it? Why can't 666 be good enough! Right?
Here is an example of the seemingly highly regarded SUExec being stupid...
An example:
I want a script located at
/public_html/index.php
to read and write to
/public_html/MySkins/
same user in the same account.
Now MySkins contains PHP scripts, so setting it to 666
should let the world read and write to it but not execute scripts in there. This is so no one can edit the file with bad code and then execute it! This would be -rw-rw-rw-, but something is making it so nothing can read the dir unless it has execute permissions.
The thing I don't understand is why I have to give execute permissions just to read!?
Answer: "maybe try chmod 1666?"
Still overridden.
FTP log:
SITE CHMOD 1666 MySkins
200 SITE CHMOD command successful
NOOP
200 NOOP command successful
CWD /public_html/MySkins
550 /public_html/MySkins: Permission denied
If I use 1666 or 2666 or 4666, it's still Forbidden.
Answer: "I just changed some of the permissions on the directories..."
Under 666:
/public_html/MySkins <- Access
/public_html/MySkins/theme <- Access
/public_html/MySkins/theme/css <- Permission denied
and PHP can now execute under 666.
Now I don't know if this is SUExec being stupid or the admin doesn't know how to run it, but I don't see how any of this helps protect anything! If anything, it's undermining the whole CHMOD concept of how and who to give permissions to!
Or am I wrong for thinking SUExec and this kind of setup is stupid?
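
The `CWD ... Permission denied` in the FTP log above is what the Unix permission model gives for a directory set to 666: on a directory, the execute bit means "may enter and reach entries below", and the leading 1/2/4 digit does not touch it. The following is an added example, not part of the original post, that models that check for the `/public_html/MySkins` path; the uid/gid numbers are constructed, and root, supplementary groups and ACLs are left out.

```python
# Constructed sample: one hosting account, as in "same user in the same account".
ACCOUNT_UID, ACCOUNT_GID = 1001, 1001   # hypothetical ids for the account owner
OTHER_UID, OTHER_GID = 1002, 1002       # hypothetical other user on the shared host

def class_bits(mode, owner, group, uid, gid):
    """Pick the rwx triplet that applies to (uid, gid): owner, group or other."""
    if uid == owner:
        shift = 6
    elif gid == group:
        shift = 3
    else:
        shift = 0
    return (mode >> shift) & 0o7   # setuid/setgid/sticky (4xxx, 2xxx, 1xxx) drop out

def dir_rights(mode, owner, group, uid, gid):
    """Translate permission bits into what they allow when set on a directory."""
    bits = class_bits(mode, owner, group, uid, gid)
    r, w, x = bool(bits & 4), bool(bits & 2), bool(bits & 1)
    return {"list": r,           # read the names stored in the directory
            "enter": x,          # cd into it, or open anything beneath it
            "modify": w and x}   # create, rename or delete entries

def can_open(chain, file_mode, uid, gid, want, owner=ACCOUNT_UID, group=ACCOUNT_GID):
    """chain: [(dir_name, mode), ...] leading to the file; want: 'r', 'w' or 'rw'.
    Returns (allowed, name of the directory that blocked the walk, or None)."""
    for name, mode in chain:
        if not dir_rights(mode, owner, group, uid, gid)["enter"]:
            return False, name
    need = (4 if "r" in want else 0) | (2 if "w" in want else 0)
    return (class_bits(file_mode, owner, group, uid, gid) & need) == need, None

def demo():
    """Compare the modes tried in the post with owner-only and 755/644 layouts."""
    rows = []
    for dir_mode, file_mode in [(0o666, 0o666), (0o1666, 0o666),
                                (0o755, 0o644), (0o700, 0o600)]:
        chain = [("public_html", 0o755), ("MySkins", dir_mode)]
        rows.append((oct(dir_mode), oct(file_mode),
                     can_open(chain, file_mode, ACCOUNT_UID, ACCOUNT_GID, "rw"),
                     can_open(chain, file_mode, OTHER_UID, OTHER_GID, "w")))
    return rows

if __name__ == "__main__":
    for row in demo():
        print(*row)   # dir mode, file mode, owner read+write, other-user write
```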