使用“chmod 666”是否有效?在特定目录上会产生任何漏洞吗? (安装Kohana)
显然我很新,所以请耐心等待。
我在本地主机中安装了 Kohana Framework。为此,我们必须设置两个特定文件夹,对所有文件夹都具有写入权限。建议使用“chmod 666”。 (此处)
其余目录设置为 755。
我的问题更针对阿帕奇。
- 使用“chmod 666”会在网络服务器中创建漏洞吗?
- “每个人都有写入权限”的确切含义是什么?
提前非常感谢!
Obviously I am very new, so please bear with me.
I installed Kohana Framework in my localhost. To do is so we have to set two specific folders with write permissions to all. "chmod 666" is suggested. (here)
The remaining directories are set to 755.
My question is more directed to Apache.
- Will the use of "chmod 666" create a vulnerability in a webserver?
- What exacly means "write access for everyone"?
Many thanks in advance!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
666 几乎总是一个非常糟糕的主意。您阅读的网站需要好好鞭打。
“每个人都有写权限”意味着在您的系统上拥有用户帐户的任何人都可以写入该目录。
666 is almost always a really bad idea. The web site where you read that needs a good flogging.
"Write access for everyone" means that anyone with a user account on your system can write to that directory.
这些权限仅适用于您当前的服务器,因此如果您是唯一有权访问您计算机上的用户帐户的人,那么您应该非常安全。每个人的写入权限意味着在您的计算机上拥有用户帐户的每个人都有权写入。请注意,第 3 方软件(如 apache)也可以拥有自己的用户,如果该软件中存在漏洞,则可能会受到损害。这样,外部人员就可以访问该文件夹。通常的做法是只向真正需要访问的用户授予权限。
注意:在普通的 Windows 计算机上(不知道 Windows 7 是否仍然如此),每个人都可以访问每个人的文件。所以这只是另一种安全措施。
These rights are only for your current server, so if you are the only one with access to a user account on your machine you should be pretty safe. Write access for everyone means everyone with a user account on your machine has the right to write. Please note that 3rd party software (like apache) can have it's own user as well and this could be compromised if there's a exploit in that software. This way someone from the outside could gain access to that folder. It's a common practice to only give rights to users that really need access.
Note: On a normal Windows machine (don't know if this is still true with Windows 7 though) everyone has access to everyone's files. So this is just another security measure.