X3 Photo Gallery Support Forums

tschortsch
Experienced
Topic Author
Posts: 150
Joined: 01 Apr 2010, 17:23

X3 installation - permissions & more

13 Jul 2015, 10:51

Hey!

I installed X3 a couple of times now and meanwhile everything works like a charm, but I think I need some help with chmod and chown. After uploading the whole x3 directory, the check page says that my check, app and content folders are not writeable with the rights 755. So I finally have to set the rights 777 on these folders to make everything work. If I change the owner to "www-data", the check page and all other folders are fine with the rights 775. Should I go for this because 777 is less secure than 775?

Could anybody please tell me how I should set those rights (PHP-user or not)? What is the difference in terms of security between PHP-user and mine?

Thanks in advance!

Kind regards,
George
 
mjau-mjau
X3 Wizard
Posts: 13998
Joined: 30 Sep 2006, 03:37

Re: X3 installation - permissions & more

13 Jul 2015, 17:35

Good questions. Server permissions vs ownership can be complicated. Are you running your own server? As specified in our X3 permissions docs, if you are fortunate to be on smart hosting, they have already set it up so that FTP user is the same as php/www user. This means that default permissions 755 (writeable only by owner) is sufficient for the application to write to files and folders.

Normally, the problem arises when the FTP user is a different user than the www-user (the user that triggers the PHP scripts). In such a case, you need to extend permissions so that group/others can also write to some files and folders, which would be 757 or 777. The question is, what other users are there on your server? Likely none that are not under your control. If you are on shared hosting, there are likely users that are limited within their subfolder as you are.

To be honest, depending on how your server is set up, I don't think there are many security issues either way. It's not like permissions allow the outside world to do anything, unless you have scripts that allow illegitimate read/write operations.
tschortsch wrote: If I change the owner to "www-data", the check page and all other folders are fine with the rights 775. Should I go for this because 777 is less secure than 775?
In my opinion, it is best if you can assign the same user so that you can stick to 755 permissions. However, security implications depend on how your server is set up. Are you running your own server? If so, it doesn't really make any difference.

Sorry, my expertise in this area is limited, but my experience tells me it is a bit irrelevant.
 
tschortsch
Experienced
Topic Author
Posts: 150
Joined: 01 Apr 2010, 17:23

Re: X3 installation - permissions & more

16 Jul 2015, 09:36

Thanks for your help, Karl! No, I am not running my own server, it is a hosted solution where FTP/PHP-user are separated apparently. Well, if I give the rights 755 to the folders app, check and content and then change the owner from FTP to PHP, everything is fine and the check page says "Damn good"! :D There is only "open_basedir" enabled, but this is purposed by my hoster because of security reasons and therefore not changeable. I have not checked yet whether this prevents X3 from removing unused PHP template files...

I love X3!!
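
The 755 / 775 / 777 question from this thread, as an added example that is not part of the original posts or of X3: a small audit that reports whether a given PHP user can write to the app, check and content folders and flags any that are world-writable. The function names and the uids used in the comments (1001 for the FTP user, 33 for the PHP user) are assumptions for illustration; it assumes Linux with GNU or BusyBox `stat`.

```shell
#!/bin/sh
# Added example, not part of X3. Assumes Linux with GNU or BusyBox stat(1).

# can_write MODE OWNER_UID GROUP_GID USER_UID "USER_GIDS"
# Succeeds if USER_UID may create files in a directory with that mode and
# ownership. Exactly one class applies: owner, else group, else other.
# (root, uid 0, bypasses these checks and is not modelled here.)
# e.g. can_write 755 1001 1001 33 "33" fails: the PHP user is only "other".
can_write() {
    local mode owner group uid gids bits g
    mode=$(( 0$1 & 0777 )); owner=$2; group=$3; uid=$4; gids=$5
    if [ "$uid" = "$owner" ]; then
        bits=$(( (mode >> 6) & 7 ))
    else
        bits=$(( mode & 7 ))
        for g in $gids; do
            if [ "$g" = "$group" ]; then bits=$(( (mode >> 3) & 7 )); fi
        done
    fi
    [ $(( bits & 3 )) -eq 3 ]   # a directory needs w (2) and x (1)
}

# audit_x3 X3_ROOT PHP_UID "PHP_GIDS"
# Prints "<folder> <mode> <verdict>" for the folders the check page tests.
audit_x3() {
    local root uid gids d verdict
    root=$1; uid=$2; gids=$3
    for d in app check content; do
        if [ ! -d "$root/$d" ]; then echo "$d - missing"; continue; fi
        set -- $(stat -c '%a %u %g' "$root/$d")   # mode, owner uid, group gid
        if can_write "$1" "$2" "$3" "$uid" "$gids"; then
            verdict=writable
        else
            verdict=not-writable
        fi
        # A write bit for "other" lets every local account write here.
        if [ $(( 0$1 & 2 )) -ne 0 ]; then verdict="$verdict,world-writable"; fi
        echo "$d $1 $verdict"
    done
}
```

Run it as `audit_x3 /path/to/x3 "$(id -u www-data)" "$(id -G www-data)"`, substituting the account your host runs PHP under.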