Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.


Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Write access

Go to End

10 Posts   4244 Views


3 October 2007 at 11:17am 14 Posts


I'm going to install SS 2.1 but I have a couple of questions with the apache write access to the .htaccess and the /tutorial /mysite and /assets. Basically in order to install it I had to chmod 777 otherwise it won't pass the test...

my question is.. isn't it a security risk to have your .htaccess file writeable by everyone? - and also the subsequent folders too.


3 October 2007 at 11:23am Forum Moderator, 628 Posts

No, because once you have installed it, you should turn OFF write access to all but the /assets/ folder :)

Also realise its just write access for the webserver, not write access to all users on the machine, which you are after


4 October 2007 at 6:27am 14 Posts

Sigurd: I understand we should be giving write access to the webserver not all users. I read the details on the install successful page.

But for instance sake - imagine a user downloaded SilverStripe, he/she wants to upload it onto a webserver. The only access he/she has is via FTP, when he/she uploads everything into the hosting account, the default owner is the FTP user - not the webserver. The only way to give write access then to the webserver is to give write access to everyone.

Am I right or have I missed something out?

Also - I believe the only way to make sure the owner of the file in a Linux/Apache environment when assuming that the user will not have any other means to set file permissions other than FTP - is to create the file/directory using a php script.



4 October 2007 at 6:42am (Last edited: 4 October 2007 6:42am), Community Member, 501 Posts

That's right. I can only make it work chmodding to 777 :-)


4 October 2007 at 7:20am Forum Moderator, 628 Posts

Sure. So trying to clarify your problem then, does that mean you're concerned that you temporarily need 777 rights to few places during the few minutes you install SilverStripe?

knowing that once installed, you can set the permissions to 644 (rw-r--r--) or even 444 (r--r--r--) of .htaccess, tutorial, and mysite folders?


4 October 2007 at 7:24am Community Member, 501 Posts

No, I believe it's quite ok.
From the few things I remember from typo3 I believe there were quite some more folders that had to be 777 all the time in order to work.


4 October 2007 at 10:04am 14 Posts

My concern is for new users who do not have any ideas :). - they probably won't even chmod their files back, just trying to point out that there should be a better practice to install the CMS so that it is fool proof. (as much as possible)



4 October 2007 at 2:27pm 38 Posts

This is an interesting topic I have been looking at myself recently. While I agree with your best practice comments siulun, I would also suggest that the problem is not with SS itself - but with the lack of knowledge of some of its users.

Now, as to whether SS can do something to help new users out - even if that be a tutorial on hardening a SS installation - I'm sure they could. But I don't think it is necessarily their responsibility to look after users who don't know what they're doing.

FYI, I think it would be a GREAT help whatever you can do to help clueless site owners - because lets face it, most security problems stem from people who don't properly implement the security measures that already exist.

Go to Top