Caplan, Hillel (US - New York) wrote:
> This comment is from
> http://meta.wikimedia.org/wiki/My_MediaWiki_Site_was_hacked._How%3F_What_should_I_do%3F:
>
> "Here's another problem: It seems that a number of users are leaving the
> /images directory set at 777 - globally writable. This permits malicious
> users to take advantage of this and overwrite existing images with
> their own spiteful images. It should be noted that this is not a
> MediaWiki issue so much as it is a general permissions issue."
>
> My question is: What is the recommended minimum permission setting?

It must be writable to the web server when MediaWiki is run, or it won't
be possible to upload files.

In most configurations that will mean writable by the user account
'apache' or 'www-user' or 'inetpub' or whatever that the web server runs
under. Note that in this case web scripts from anyone else on the same
system can also access this directory.

In other cases it may be your own user account, if the server is
configured to execute scripts under the account of the owner. In that
case, limited permissions to that user will forbid other users from
writing to the directory.

Note that there may be additional complications when you have to do
maintenance from the command line as well, as you may often be running
scripts as another user.

-- brion vibber
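
The permission check discussed in this thread, as an added example that is not part of the original message or of MediaWiki: it lists entries under an upload directory that are world-writable (the 777 case), shows which account owns the directory, and clears only the "other" write bit so the owning account keeps write access. The function names and the constructed demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an upload directory (e.g. MediaWiki's images/) for
# world-writable entries. Function names are hypothetical, not MediaWiki tooling.

# Print every file or directory under $1 that has the "other" write bit set.
# Symlinks are skipped: their own mode bits are not meaningful.
list_world_writable() {
    find "$1" -perm -0002 ! -type l -print
}

# Print mode, owner and group of the directory itself, to compare the owner
# with the account the web server runs under.
describe_dir() {
    ls -ld "$1" | awk '{print $1, $3, $4}'
}

# Clear only the "other" write bit under $1. Owner and group bits are left
# alone, so uploads keep working when the web server account owns the tree.
drop_world_write() {
    find "$1" -perm -0002 ! -type l -exec chmod o-w {} +
}

# Build a constructed demo tree with the 777/666 modes described in the thread
# and print its temporary root.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/images/a"
    : > "$d/images/a/logo.png"
    chmod 777 "$d/images" "$d/images/a"
    chmod 666 "$d/images/a/logo.png"
    echo "$d"
}

# Stand-alone use: sh audit.sh /path/to/wiki/images
if [ -n "${1:-}" ]; then
    describe_dir "$1"
    list_world_writable "$1"
fi
```

Run it as an account that can read the whole tree. Clearing the bit only helps if the directory is owned by the account that performs uploads, as the reply above explains.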