Security Permissions after install

**newsome** · 08-27-2007, 11:55 PM

Hello.

For increased security purposes, can any of the permissions be changed from 'writeable' after installation e.g. 'config.php' and 'settings.php' to '644'? If so, anything else e.g. templates or templates_c, et.al.?

Is there a point when the permissions need to be set back to writeable when changing something in the admin interface?

Thanks in advance.

**dollars5** · 08-28-2007, 09:37 PM

Actually your installer would have advised on the settings or your can find this info in the readme file.

set all to 644, now change the cache and templates_c to 777 - this will do (if you want to use admin panel modify language - then you will need to have lang.conf to 777 same applies to settings.php - till you consigure your site have it as 644 and once all configuration done - change to 644)

**newsome** · 08-28-2007, 09:59 PM

Thanks for your reply.

The instructions did not mention to change 'settings.php' nor 'config.php' nor 'lang.conf' after the installation. I set them to 644 after for security purposes after figuring out what they controlled.

The only question I have left now is whether the subdirectories, 'templates', 'templates_c', 'cache', 'backup' need to remain 777 or can any be changed conditionally?

Thanks.

**dollars5** · 08-28-2007, 10:20 PM

'settings.php' nor 'config.php' nor 'lang.conf' are required to be in 777 during config - after than revert them back to 644

**newsome** · 08-28-2007, 10:25 PM

Thanks again.

I take it the subdirectories, 'templates', 'templates_c', 'cache', 'backup' need to remain 777 always?

Thanks.

**dollars5** · 08-28-2007, 11:32 PM

yes, they will be written by Pligg frequently

**newsome** · 08-29-2007, 01:30 AM

Thanks for the info.

**floweroflove** · 09-20-2007, 01:10 AM

so there isnt a way to protect urself? with these permissions everyone can explore ur site via ftp and get ur templates files?

**mangoman** · 10-05-2007, 05:44 PM

This is a very important question. I have just installed Pligg on a shared server, and after reading this post now am very concerned about a Pligg-powered site's security & permissions ...are they adequate to prevent hacking?

Another recent user reported that his/her version-6.8 site was hacked. Nonetheless, having read that post and without knowing the specific cause, I'd like a forum moderator or developer answer this post with some specific prevention measures. Their recommendations for prevention and security go beyond alleviating fears and in fact will go further - this information should encourage more adoption & use of the Pligg software.

I'm looking forward to suggestions & feedback from administrators and knowledgeable Pliggsters!!

Regards,
John