Security: clarification Folders to 755 Files to 644

[dharma]

Concerning "steps in securing your Zen Cart" part 7B in the docs or #9 in the wiki your "images" and other folders:

Thus, once your site is built and your images have been created/loaded, you should drop the security down from read/write to read. ie: change from CHMOD 777 down to 644 for files and 755 for folders (in image folder)

("images" and other folders cont)...File/Folder permissions settings
On Linux/Unix hosts, generally, permission-setting recommendations for basic security are:
folders/directories: 755
files: 644

I have CHMOD all files to 644 and folders to 755 in the image folder as stated above.

Does the later statement mean that EVERY folder and EVERY file in my ZC file set should be changed to 755 and 644?

Right now all my folders and files are at 755 (except configs and images)

This may seem like dumb question, but, I want to be sure before I change the permissions on all my files

[Website Rob]

I have CHMOD all files to 644 and folders to 755 in the image folder as stated above.

---

Right now all my folders and files are at 755 (except configs and images)

--------------------------------------------------
Somewhat conflicting statements.
I take it you meant to repeat what you said the first time?

As to your question on permissions, when Hosting on a Linux Server you must have directories set to 755 and files to 644. This is default setting and gives you some security. The exceptions are when specific permissions are stated within the install / setup procedure, as per any Error msgs. or when working on your site.

The only time permissions should be changed "temporarily" is when working on your site and need to write to a directory or file. In that case, the directory must be 777 and the file 777. Once finished you put the permissions back the way they should be.

Examples would be the Define Pages Editor. When working on those pages the 'classic' or 'custom' directory within the 'html_includes' dir. must set to 777 and the files within. Once finished, change permissions back.

Another example is the 'images' dir. -- within your Document Root dir.
When working in the Admin section, adding or editting products and needing to upload any image files, the 'images' dir. must be 777. Once finished change permissions back.

[dharma]

Thank you for the clarification. As all the files "out of the box" from the ZC download were 755 folders and 755 files I thought they were good to go as is.


I will change all my files to 644 and folders to 755 except where noted they should be otherwise...like html includes folder at 555 (for my server) and configs at 444.