Archive for December, 2008

. . . so i created myip.ozymo.com which does the same thing:

$ curl myip.ozymo.com
64.39.19.8

Sometimes it’s nice to get just the IP returned without all the fluff.

/cs

The terms “755″ and “777″ can be a little confusing unless you are
familiar with UNIX permissions. These two items are octal notation
representing the bits set for particular permissions for each of “user”,
“group”, and “other”. Each digit corresponds to one of these.

Basically, permissions can be comprised of three numbers, which, when
added together, give you a permission in the range of 0-7. The three
numbers correspond to “read” (4), “write” (2), and “execute” (1)
permissions. As you can see, if a user, group, or other has all the
permissions, then the pieces, added together, equal to seven:

r + w + x = rwx
4 + 2 + 1 = 777

In UNIX, from the shell, when you look at a directory listing of a
particular file, such as the wp-content directory, you are presented
with an “rwxrwxrwx” notation of the permissions scheme (the leading “d”
signifies that this is a directory):

$ ls -lahd wp-content/
drwxr-xr-x 5 chuck chuck 4.0K Nov 25 11:15 wp-content/

As I mentioned, each digit in the “755″ notation corresponds to one of
“user”, “group”, or “other”. In essence, the permissions “755″
correspond as follows:

user—group–other
rwx____r-x____r-x
421____401____401 (or 4+2+1,4+0+1,4+0+1)
7______5______5__ (this is for visual sanity)

Essentially, when a directory is set to “755″, then only the user that
owns the directory (in the case of the wp-content folder on my server,
the user chuck) has permissions to “write”, or create files, modify
files, and remove files, from this directory. Members of the “group” and
members of “other” (meaning everyone else on the planet) can enter the
directory and read the contents of the directory.

In the case of “777″ permissions, anyone can “read”, “write”, or
“execute” a file or directory (executing a directory means entering it).

So, at this point we know how to tell who can or cannot write to a
directory. When someone browses to your website and tries to upload
content to the wp-content directory, they cannot.

The reason for this is because only the “user” owner of the directory
has “write” permissions. When a PHP script (which is what WordPress is
comprised of) is parsed by the PHP engine on your site, it is done so by
the Apache service, which allows the client browser to contact your
server for exactly this purpose. The PHP script cannot “write” to the
wp-content directory because the script is being run as the “apache”
system user. Because the apache user is not the “user” owner of the
directory, and the permissions are “755″, the PHP script (running with
the apache user’s permissions on the directory) cannot “write” the
content to the directory.

Your desire to maintain server security is excellent! Most people don’t
realize that by giving the web server access to write to a directory
that they are opening up a security hole! In fact, many people change
the permissions to “777″ (world-writable) when they install WordPress.

WordPress is a very widely used blogging application. Generally, as long
as it is updated in a timely fashion, you can keep your
wp-content/uploads directory at 777 without worrying too much about
security, because the people at WordPress have input validation in their
code to effectively prevent intrusion in that area. I still would not
advise it, but it shouldn’t cause a problem.

I must say though, do NOT simply change the permissions of the
wp-content directory to “777″. Make sure that it is only the “uploads”
directory therein. Changing the permissions of the wp-content directory
would also make the plugins directory world-writable, which WILL open a
vast security hole on your server.

I hope this information has been helpful!

/cs