Are 777 directory permissions safe?

Dear WHT members,

I thought of asking your expert opinion on this matter.

One of my customers wants to install Mambo CMS on his website.
I have installed mambo a dozen times on different websites without problems using the normal Mambo installation guide.

In this guide they tell you, you have to chmod a few files and directories to 777 (Full Write Read Execute Access).

As far as I know I have never encountered problems.

But now my customer is complaining that "Apache cannot write to the configuration files."
He asked me to "add the apache user to his group".

I told him it is not needed because if you follow instructions you will eventually need to chmod directories to 777 for some Mambo components.

He is now complaining that "it is the most unsecure thing ever to do, you should NEVER chmod to 777 because your server and all the websites will be vulnerable"

He is insisting he wants to have apache added to the same group his website is running on.

After searching the web I could not find a specific answer on this matter. I personally don't think a 777 directory is a problem if you have a .htaccess file configured and other options configured.

But maybe you guys can correct me ???

(and on a side matter. Should I add apache to a group or is this just "not done"???)

Thanks in advance!

 

 

 

 

Top