I have installed Links 2.0 on a Linux server in the past and it got hacked and I lost the entire web directory. I would like to try again, but I am a little fearful of using 777 permissions on my directories. Is there some way around this? How can I beef up security to minimize hacking. I have read and followed the permissions FAQ.

Mahalo,
Helios

Dont know if it will help, but some servers let you use 766 CHMOD's on folders.

Andy (mod)
andy@ultranerds.co.uk

---

Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!

766 won't make much difference - try 774 - although I don't guarantee it will work. (Or 744 if you can get away with it).

Thanks for the replies. I tried 744 and 774 but neither worked.

Permission denied?

Hi,

Unfortunately 777 has become the "norm" for cgi due to how 95% of servers are set up.

CGI traditionally runs as the user 'nobody' or 'apache', and you install the script as your own user.

What this means is that in order for you to edit the files, and the web server (which it must do in order to accomplish anything significant) is to make the files 666 and directories 777.

The only safe scenerio if you are on a shared server, is to run under cgiwrap or Apache's suEXEC. In that case you can set permissions to 700 or 600 respectively, as apache runs cgi as your own userid, so no one else needs to edit the file.

Cheers,

Alex
--
Gossamer Threads Inc.

Thank you all for your help.

To answer your question RedRum, yes, permission denied.

Alex, Links 2.0 is a great script - I appreciate all the time and energy that you have placed into its development. Thanks for the info on cgiwrap and suEXEC. Keep up the great work!