{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 放荡不羁爱自由 的问题《should apache upload dir have 777 permissions or b》','https://www.manongdao.com/q-867584.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm running apache and my php site uploads images to the server. should apache upload dir have 777 permissions or belong to www-data user? How would this affect backing things up?
相关问题
- Django check user group permissions
- Stop .htaccess redirect with query string
- .htaccess rule, redirecting old unexistent address
- How to deploy a web application Aurelia in an Apac
- Apache Directory Studio not opening
相关文章
- Apache+Tomcat+JK实现的集群,如果Apache挂了,是不是整个服务就挂了?
- How reliable is HTTP_HOST?
- Making a two way SSL authentication between apache
- File Upload of more than 4GB
- The current request is not a multipart request - S
- Flutter - http.get fails on macos build target: Co
- Input file in laravel 5.2?
- UnicodeEncodeError when saving ImageField containi
That depends on what you need from it. You should always use the most restrictive permissions that will let you do what you need.
Read the man page for chmod(1) to learn what the various permission bits mean. And maybe provide some more detail about your situation, so someone can provide a specific answer for you.
First and foremost the apache server needs to run as a non-privileged user. Second the upload directory should only need 600 as the permission (rw) iirc. This will allow the user that is running apache to write to that directory. The practical attack against a web server is to trick it into writing to a directory and having it execute the code that is placed there.
I think read + write permission is enough. read for backup, write for upload. It seems that no one ever need to execute anything.
And you should only grant permissions to who really need them. For example, grant write permission to www-data. And if you use another-user to do back up, only grant read permission to another-user.
You'd better avoid using 777