Installing Extensions leaves folders AND files 777 permissions

kavlito:
I am new to Abantecart, and am a little troubled by what I discovered.

Every Extension that I have installed so far, paid or free, has set all of the folders AND files permissions to 777.

That is very frightening from a security standpoint as the .php & .tpl files are openly writable, is it not?

abantecart:
You need to change the extension directories to 644 after you install an extension, or you can add more restrictions in .htaccess or at the web server level.

yonghan79:
Hi,

Today I tried several ways of installing one of our extensions, AddThis, in AbanteCart v1.2.15.
The originating files are set to 0644 and the folders are set to 0755.
1. Installing via FTP with our original files from our development, the files remain set to 0644 and folders to 0755.
2. Installed via Extensions Upload (after downloading the files to a PC from MarketPlace), the files remain set to 0644 and folders to 0755.
3. Installing via a key, the files and the folders are set to 0777.

abantecart:
To keep your directories/files secure, you need to set all directories/files in the extensions directory to 644.

For web or key based installation, it all depends on your server/OS user setup. If the user of the web application is the same as the application user, then permissions do not have to be 777.

michael1129:
To keep your directories and files secure in AbanteCart, it's recommended to set permissions in the extensions directory as follows:

Recommended Permissions:
Files: 644 (Owner: Read/Write; Group/Others: Read-only)
Directories: 755 (Owner: Read/Write/Execute; Group/Others: Read/Execute)

Important Notes:
If the web application user is the same as the system user running the application (common in many shared hosting setups), permissions do not need to be 777. Properly configured servers allow the application to function with 644 for files and 755 for directories.
Avoid 777 permissions entirely as they expose your files to potential malicious access.

To Update Permissions:
Use the following commands via SSH:

find /path/to/abantecart/extensions -type d -exec chmod 755 {} \;
find /path/to/abantecart/extensions -type f -exec chmod 644 {} \;

Replace /path/to/abantecart/extensions with the actual path to your extensions directory.

By following these guidelines, you’ll secure your AbanteCart installation while ensuring proper functionality.
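
Added example (not part of any post in this thread and not AbanteCart's own code): a shell script that first reports which files and folders under the extensions directory are world-writable, as happens after a key-based install, then resets them to the 644/755 values discussed above and verifies the result. The function names are made up for this example, and the directory is passed as the first argument.

```shell
#!/bin/sh
# Audit and repair permissions under an AbanteCart extensions directory.
# Usage: sh fix_ext_perms.sh /path/to/abantecart/extensions   (path is yours to supply)

# List regular files and directories with the "others write" bit set
# (0777, 0666, ...). find does not follow symlinks without -L, so links are skipped.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Number of world-writable entries (tr strips the padding some wc builds add).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Reset to the values recommended in the thread: directories 755, files 644.
harden_extensions() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -type d -exec chmod 755 {} +
    find "$dir" -type f -exec chmod 644 {} +
}

# Anything whose mode is not exactly 755 (directory) or 644 (file).
# Empty output means the tree matches the recommended permissions.
list_nonconforming() {
    find "$1" \( \( -type d ! -perm 755 \) -o \( -type f ! -perm 644 \) \) -print
}

# Run only when a directory is given on the command line.
if [ "$#" -ge 1 ]; then
    echo "World-writable entries before: $(count_world_writable "$1")"
    list_world_writable "$1"
    harden_extensions "$1" || exit $?
    echo "Entries still not 755/644 after the fix:"
    list_nonconforming "$1"
fi
```

Re-run it after each web or key-based install, since a fresh install can reintroduce 0777 entries.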
