Support Tickets - Why Permissions of 0777?

Why Permissions of 0777?

HelpDesk 12.11.2015 827 Support Status: Closed Solution: Yes jaycryder


Ok so I just installed the system and there are a heap of directories and files all with open permissions. 
My web hosting security policy will not allow folders with 777 & files with 664 permissions. 

Please advise what permissions are absolutely necessary as when I allow the Helpdesk to have these permissions I get a 500 error. 
If I then change them to 755 & 644 the helpdesk works but when I update /operator/index.php?p=webtext&sp=belowhome I get the error on save, error 403 you dont have permission to access operator/index.php
Please reply asap as I am trying to get it completed.


Replies (20)

  • avatar Jerome

    Thank you for opening a support ticket.

    Can you please tell me where does it say 0777?

    All folders should have: 0755
    All files should have 0644

    Depend on your server configuration it sometimes need 0775 for your cache and files folder.

    Please do not have 0777 for any folders or files that is a big security risk, specially on shared hosting environments.

    13.11.2015 0
  • avatar jaycryder

    Hiya

    When I unzip your Helpdesk1_1_1.zip file on my server each file and folder is granted these permissions. I tried unzipping it to a different folder and again it granted 777 to many of the folders.
    I can FTP in and reset the folder permissions and will try again.

    Thanks for the speedy response, its most appreciated.

    13.11.2015 0
  • avatar jaycryder

    Also do any of the folders under the cache and files folders need to also be 775 or can they be 755?

    13.11.2015 0
  • avatar jaycryder

    I have reset the permissions to 775 for cache and files plus 755 for other folders and 644 for all files. and when I edit the home below text and try to save I receive this error

    Forbidden

    You don't have permission to access /operator/index.php on this server.

    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

    Can you please advise a solution?
    If you need login details ftp etc let me know and I will send them through.

    13.11.2015 0
  • avatar Jerome

    Please do not upload the files via cPanel and then unpack it. cPanel always does it wrong and set the permission for everything to 0777! That is not our fault, we cannot set the permission when we pack the files.

    Please use a ftp program and upload the files or set the permission to all folders (0755) and to all files (0644) after unpacking via cPanel.

    Thank you.

    13.11.2015 0
  • avatar jaycryder

    I have done that - I have reset the permissions using FTP and still get the same problems.

    I am desperate to get this solved asap.

    Do you have any other suggestions?

    13.11.2015 0
  • avatar jaycryder

    Also I am running PHP5.5 if that has any impact?

    13.11.2015 0
  • avatar Jerome

    Please send me your FTP details via following form:

    https://www.jakweb.ch/access-form

    13.11.2015 0
  • avatar Jerome

    PHP 5.5 is not a problem, please send me your FTP details with the form mentioned above.

    13.11.2015 0
  • avatar jaycryder

    The login details have been sent by the form. I have also reinstalled the site completely via ftp upload of the unzipped upload folder, and have the exact same problem.

    14.11.2015 0
  • avatar Jerome

    Just tested your installation seems to be OK, also uploaded the missing files in the files directory (standard avatars) and updated to the latest version (1.1.1 https://www.jakweb.ch/blog/a/24/helpdesk-11) via auto updater under maintenance.

    I have sent you the email with a attachement and the proof of a working web text section. Everything works as it should.

    14.11.2015 0
  • avatar jaycryder

    Hi

    Thanks for testing but when I go to change the webtext "HomeBelow" I try to add any word and press save and get the same Forbidden error

    14.11.2015 0
  • avatar jaycryder

    The screenshot you sent show the editor page loads but when it saves it fails

    14.11.2015 0
  • avatar Jerome

    It does not work on below home only. Please ask you host, he must have a firewall or something that block the word belowhome. All others work fine, because changing the text has nothing to do with the files and folders it is all database based.

    14.11.2015 0
  • avatar jaycryder

    I just tried updating the newticket webtext and it failed on that too. With exactly the same error.
    I can ask my host if there could be a security setting that is stopping the database query or could you look at the database coding and check to make sure there is no "incorrectly formatted queries" or something else that could be causing it?.

    14.11.2015 0
  • avatar Jerome

    It is always the same query for all the text changing. Something must get blocked by your server settings.

    14.11.2015 0
  • avatar jaycryder

    I have lodged a support ticket with my host.
    Also the server is running

    Apache Version2.4.17
    PHP Version5.3.29
    MySQL Version5.6.27

    Could the MySQL version be causing a problem?

    14.11.2015 0
  • avatar Jerome

    We test and run our software on much higher versions, plus if it would be a problem everything would not work.

    14.11.2015 0
  • avatar jaycryder

    I have now got it working.

    My Host had to disable mod_security in order for it to work.

    14.11.2015 0
  • avatar Jerome

    Thank you for the feedback. Your host could also set a rule for the two words that don't work with your configuration of mod_security.

    We check and serialize all the information from the forms and urls before we do anything with it.

    14.11.2015 0