Installation1.7.8: Which directories should be writable?

Having trouble installing serendipity?
Post Reply
FrischeBötchen
Regular
Posts: 12
Joined: Fri Feb 21, 2014 11:47 am

Installation1.7.8: Which directories should be writable?

Post by FrischeBötchen »

Hello Garvin, hello members,

I'm not quite new here but there has been no other way to post under a new name because it wasn't possible to reset my old account(name). There is (perhaps) a problem with the file permissions after the installation. On February 9 I have installed a complete new version 1.7.8, afterwards some plugins. Now after a bruteforce-attack, which corrupted a script which didn't belong to Serendipity, I examined the folder's rights and did found this:

Code: Select all

mysite/plugins/	<DIR>	09.02.2014 17:56	-777
mysite/templates_c/	<DIR>	10.02.2014 10:19	-777
mysite/uploads/	<DIR>	09.02.2014 21:32	-777
... an these subfolders of DIR plugin which are writable too:

Code: Select all

mysite/uploads/.thumbs/	<DIR>	10.02.2014 10:15	-777
mysite/uploads/Admin-images/	<DIR>	21.04.2013 21:10	-777
mysite/uploads/assets/	<DIR>	21.04.2011 22:59	-777
mysite/uploads/files/	<DIR>	09.10.2013 18:21	-777
mysite/uploads/images/	<DIR>	10.02.2014 10:15	-777
Are the given permissions correct at all?
Regards,
Bötchen
Last edited by FrischeBötchen on Fri Feb 21, 2014 5:48 pm, edited 1 time in total.
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: Installation1.7.8: Which directories should be writable?

Post by Timbalu »

If these /dirs and files in /uploads belong to you, this seems ok for all asked dirs, even if you could check if a 755 would do also.
See S9y FAQ pemissions: http://www.s9y.org/11.html#A15
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
FrischeBötchen
Regular
Posts: 12
Joined: Fri Feb 21, 2014 11:47 am

Re: Installation1.7.8: Which directories should be writable?

Post by FrischeBötchen »

Thank you Ian, just I have detected the anwser under the given link. Curious, I didn't found it with the built-in search function of this board, only by googling. You are right, the Serendipity-installation itself seems not to be hacked ... an older message of my provider has been:
Well, this was concerning the old version 1.7.0. After the upgrade I noticed the (older) provider's message at the first time and I did call the archive's link but I found it's all okay now. Hope the provider will not to be prompted to send this message again.
Regards,
Bötchen
Post Reply