A question for Dwight that Dog Spit might enjoy...

Moderators: Dwight
Gold Enthusiast
Posted
OK here's the deal. I'm running a little forum and I have it set so that my users can upload their own avatars to my server. Now, as you probably realize, I have to CHMOD the directory they are uploading in to make it readable/writeable. Now, on the support forums for the forum software I am using there is a huge debate going on about what "setting" is most appropriate for the directory. One group says CHMOD to 777 (readable/writeable/executable) is the best method. Others state that it's silly to do it that way because avatars are not executable files and it's not necessary to open up the directory that way. THEY suggest to CHMOD the folder to 666 (readable/writable only). Now, apparently some people can't get their avatars to work if they only CHMOD to 666, so they're told to CHMOD to 777 which only sets the 666'ers off again.

Now amidst all this debate I can't get my one simple question answered.

My avatar directory is currently set to 777. Does that make that directory vulnerable to malicious code, somehow, or are these 666'ers just purists who like to beat their drum?
 
Posts: 1015 | Location: Atlanta, GA USA | Registered: 06-04-02
Gold Enthusiast
Posted
Of course, now I am beginning to think that the Devil and Aleister Crowley were programmers.
 
Posts: 1015 | Location: Atlanta, GA USA | Registered: 06-04-02
Gold Enthusiast
Posted
Well, the only thing that you'll have to watch out for under 777 is that if someone were to upload a perl or php script they would be able to execute it within that folder.

If you are going to use a perl/php script to upload the avatars, this shouldn't be a problem. Just make sure that the script allows only .jpg .jpeg .gif .png (and possibly .art) files to be uploaded.
 
Posts: 1003 | Location: Fox Valley, Second Life | Registered: 06-03-02
Bronze Enthusiast
Posted
777 is read, write, execute, and open to user, group, and other - basically wide open to anyone to do anything. In general, not a good idea.

Do you really need read write access to "other?"

It would seem like user and group access should work, in fact it should work with user-read/write; and group-read only, other-read only (I think that's 644) - I'd then try 660, if it didn't work go with 666.
 
Posts: 402 | Location: Austin, Texas, USA | Registered: 06-03-02
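
An added example, not part of any post above and not the forum software's own code: a shell audit of an upload directory that reports the directory-mode issues debated in this thread (on a directory the x bit means permission to enter it and reach its files, which is why a 666 directory stops uploads from working) and flags files outside the .jpg/.jpeg/.gif/.png allowlist or carrying an execute bit. The function name `audit_upload_dir` and the sample paths are hypothetical.

```shell
#!/bin/sh
# Added example: audit an avatar upload directory (function name and layout are hypothetical).
# Prints one finding per line; prints nothing for a directory that looks sane.
audit_upload_dir() {
    dir=$1
    # On a directory, x means "may enter and reach the files inside", not
    # "may run programs". A 666 directory lacks it, so uploads cannot work.
    [ -n "$(find "$dir" -prune -perm -0100)" ] || echo "dir-not-searchable-by-owner"
    # w for "other" lets any local account create, replace or delete entries.
    [ -z "$(find "$dir" -prune -perm -0002)" ] || echo "dir-world-writable"
    find "$dir" -type f 2>/dev/null | sort | while IFS= read -r f; do
        name=${f##*/}
        # Extension allowlist from the thread, compared case-insensitively.
        case $(printf '%s' "$name" | tr '[:upper:]' '[:lower:]') in
            *.jpg|*.jpeg|*.gif|*.png) ;;
            *) echo "unexpected-type: $name" ;;
        esac
        # An image never needs an execute bit for user, group or other.
        if [ -n "$(find "$f" -prune \( -perm -0100 -o -perm -0010 -o -perm -0001 \))" ]; then
            echo "exec-bit: $name"
        fi
    done
}

# Constructed sample: a 777 directory holding one image and one script.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/avatars"
: > "$demo_dir/avatars/me.png"
: > "$demo_dir/avatars/shell.php"
chmod 644 "$demo_dir/avatars/"*
chmod 777 "$demo_dir/avatars"
audit_upload_dir "$demo_dir/avatars"
rm -rf "$demo_dir"
```

Run against the constructed sample, the audit reports the world-writable directory and the stray `shell.php`; a 755 directory holding only non-executable images produces no output.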
© 2002-2008 AnswerPool.com