Images Folder Permissions

[LRS]

I recently upgraded to the latest version and am having some proiblems with the images folder re scuring it.

My main images directory is laid out like this: whatever.com/store/images

The admin folder is laid out thusly whatever.com/store/admin/ but with a different name per security instructions. The parameters for the different admin folder name have been set in the required files and everything is working fine other than the following:

When I changed the images folder permissions to read only for for all (also tried just for group and public), as instructed in one of the files that talks about securing the site, none of the images would show up in the store to the customers.

When I set permissions to read / write for public and read / write / execute for group, they still would not show up. I had to set permissions to 777 read / write / execute for admin group and public to get them to show.

I am assuming this is BAD to leave it like that. How do I get the images to show up to the customer yet protect this folder from hacking?

[Ajeh]

If you cannot set the directories to 755 ... speak to your host ...

[LRS]

If you cannot set the directories to 755 ... speak to your host ...

The instructions on securing the site say to set the image folder to 644 --- not 755 -- Can I assume that is a typo and should read set the images FOLDER to 755 and the image FILES to 644?

The images show up fine with the folder at 755 and the files at 644, but not with the folder at 644 or 744
-------------------------------------

https://www.zen-cart.com/tutorials/index.php?article=73

"9. Protect your "images" and other folders
During initial installation, you are advised to set your images folder to read/write, so that you can use the Admin interface to upload product/category images without having to use FTP for each one. Similar recommendations are made to other files for various reasons.

However, leaving the images (or any other) folder in read/write mode means that hackers might be able to put malicious files in this (or other) folder(s) and thus create access points from which to attempt nasty exploits.

Thus, once your site is built and your images have been created/loaded, you should drop the security down from read/write to read. ie: change from CHMOD 777 down to 644. "

[Website Rob]

The instructions on securing the site say to set the image folder to 644 --- not 755 -- Can I assume that is a typo and should read set the images FOLDER to 755 and the image FILES to 644?

You are correct, it is a typo and 755 permissions on any directory is strongly recommended. All files should work with permissions of 644.

Note: some Mods require different settings so make sure to read any documentation within the Mod being used.

[LRS]

Thanks for the help to both of you!