After running the Security Review Module, there was a statement saying something to the effect that the permissions should not be set to "Write."

After speaking with my hosting company (hostgator) they informed that it was standard for files to have 644 permissions and folders to have 755 permissions.

Any thoughts on this being okay?



nevets’s picture

I am guessing we are talking about settings.php which you should change to be non-writable.

calso000’s picture

The security review module says:
"Some files and directories in your install are writable by the server."

"It is dangerous to allow the web server to write to files inside the document root of your server. Doing so would allow Drupal to write files that could then be executed. An attacker might use such a vulnerability to take control of your site. An exception is the files directory which Drupal needs permission to write to in order to provide features like file attachments."

Is there anything special that I should do with the settings.php file? There are passwords, user names and database info in there....