phpbb and SMF (this forum) whats the difference??

[squirrellydw]

What makes SMF better than PHPBB?

[squirrellydw]

anyone?

[sirwoogie]

I'm more appreciative of SMF stability and feature set. Their support is excellent, and I can always get help on their support forums. I also find it to be one of the fastest forum software brands.

Anything specific you want to know?

[squirrellydw]

No just wondering.  I just installed it and I like it MUCH better than PHPBB.  Huge difference.  Maybe you can answer me this.  What should my files and folders be CHMOD to?  755, 644 or something else?  I don't know a lot about it, just enough to be dangerous.

Thanks

[ChadTower]

You're better off learning what those numbers mean than just setting your app filesystem by rote.  Those permissions sets affect everything in the entire OS.

[squirrellydw]

I know what they mean but not sure what they should be set at.  Still a little confusing to me.  I know I don't want everything to be writable, just want it to be as secure as possible.  Since sirwoogie knows what he is doing on this site I trust him.

[ChadTower]

That's the point, though.  Some of the dirs would need to be writable, and then at that point writable to whom?  Different parts of an app need to have different permissions for different users and/or groups depending on function.

[sirwoogie]

The running process doing the final php processing (whether that be the web server or in our case a fastCGI process) requires write access to the entire SMF installation. So at a minimum do owner with write and add any more you feel necessary for your needs. Patching, uploading of avatars/attachments and package installation require write access. If you wanted to be paranoid, you could change permission on the files after these events, and I'd be happy to explain in detail where that could go. But, I feel it more important to lock the front door and leave the windows open if that's what is required to operate.

The SMF docs and guys suggest just putting everything at 777 and 666 which is just poor in so many ways. Then the real battle is keeping your software current.

I'm always happy to discuss what we do behind the curtain if anybody else is interested.

[squirrellydw]

Owner and write I can do that.  The reason I ask is I was running a PHPBB site for fun, just trying to learn some stuff and some jerk hacked it.  So I just want to make it secure as possible but not so much that I have to change permissions everytime I want to do something.

[ChadTower]

Often times those are just the breaks of how security works.  Leave the door closed unless you're actually walking through it.

[sirwoogie]

Owner and write I can do that.  The reason I ask is I was running a PHPBB site for fun, just trying to learn some stuff and some jerk hacked it.  So I just want to make it secure as possible but not so much that I have to change permissions everytime I want to do something.

But that "hack" could be one of a hundred things. Are you positive he hacked you because of incorrect permissions, or was it something else? When you have a webapp, there are so many points you can stick your nose in and see what stinks.

We've had a few mishaps on our side as well, and they came in through things I didn't even think about. Luckily they were kiddies and just wanted a drone.

[squirrellydw]

Not possitve but pretty sure that's what it was.  Now time to get tinyportal to work.

Thanks