Author Topic: Installing Extensions leaves folders AND files 777 permissions  (Read 14269 times)

Offline kavlito

  • Newbie
  • *
  • Posts: 25
  • Karma: +7/-0
    • View Profile
I am new to Abantecart, and am a little troubled by what I discovered.

Every Extension that I have installed so far, paid or free, has set all of the folders AND files permissions to 777.

That is very frightening from a security standpoint as the .php & .tpl files are openly writable, is it not?

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4364
  • Karma: +301/-10
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: Installing Extensions leaves folders AND files 777 permissions
« Reply #1 on: May 10, 2020, 08:19:48 AM »
You need to change extension directories after you install extension to 644 or you can add more restrictions in .httaccess or web server level.
Please  rate your experience or leave your review
We need your help to build better free open source ecommerce platform for everyone. See how you can help

Offline yonghan79

  • Jr. Member
  • **
  • Posts: 72
  • Karma: +21/-0
    • View Profile
Re: Installing Extensions leaves folders AND files 777 permissions
« Reply #2 on: May 10, 2020, 11:43:26 AM »
Hi,

Today I tried several ways of installing one of our extensions, AddThis in AbanteCart v1.2.15. 
The originating files are set to 0644 and the folders are set to 0755.
1. Installing via FTP with our original files from our development the files remain set to 0644 and folders to 0755.
2. Installed via Extensions Upload (after downloading the files to a PC from MarketPlace) the files remain set to 0644 and folders to 0755.
3. Installing via a key the files and the folders are set to 0777.
« Last Edit: May 10, 2020, 11:48:09 AM by yonghan79 »

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4364
  • Karma: +301/-10
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: Installing Extensions leaves folders AND files 777 permissions
« Reply #3 on: May 12, 2020, 10:19:16 PM »
To keep your directories/files secure, you need to set all directories/files in extensions directory to 644. 

For web or key based installation all depends on your server/OS user setup. If user of web application is the same as the application user, than permission do not have to be 777.
Please  rate your experience or leave your review
We need your help to build better free open source ecommerce platform for everyone. See how you can help

Offline michael1129

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
  • It Consultant
    • View Profile
    • Generative AI Consulting
Re: Installing Extensions leaves folders AND files 777 permissions
« Reply #4 on: January 09, 2025, 04:33:21 AM »
To keep your directories and files secure in AbanteCart, it's recommended to set permissions in the extensions directory as follows:

Recommended Permissions:
Files: 644 (Owner: Read/Write; Group/Others: Read-only)
Directories: 755 (Owner: Read/Write/Execute; Group/Others: Read/Execute)
Important Notes:
If the web application user is the same as the system user running the application (common in many shared hosting setups), permissions do not need to be 777. Properly configured servers allow the application to function with 644 for files and 755 for directories.
Avoid 777 permissions entirely as they expose your files to potential malicious access.
To Update Permissions:
Use the following commands via SSH:

bash
Copy code

find /path/to/abantecart/extensions -type d -exec chmod 755 {} \;
find /path/to/abantecart/extensions -type f -exec chmod 644 {} \;
Replace /path/to/abantecart/extensions with the actual path to your extensions directory.

By following these guidelines, you’ll secure your AbanteCart installation while ensuring proper functionality.
It Consultant at atQor

 

Powered by SMFPacks Social Login Mod