777 File Permissions a Security Risk?

Step 4 in the Omeka installation instructions says to set the Omeka root and its contents to 777 (everyone can read, write and execute these files).

Isn't that a security risk?

First, the phrase "the archive and its subdirectories" is meant to refer to the actual folder named "archive" within Omeka, not the Omeka root. In other words, the instructions only want you to give extra permissions to the folder where uploaded files are stored, not to the rest of Omeka, where your configuration files and Omeka's code are stored.

On shared hosts, depending on the particular setup, there's a possibility that other users on the same server or system could have access to the files within the "archive" directory if you do set the permissions to 0777.

The lower-permission alternative is to change the group and group permissions of those directories and files so that only the web server gets extra read/write access, but those instructions would necessarily vary quite a bit from host to host.
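The group-based alternative described above, sketched as an added example that is not part of the original post or of Omeka's instructions. The group name `www-data` and the path in the usage comment are assumptions that vary by host, and `chgrp` only succeeds if you are a member of the target group (or root).

```shell
#!/bin/sh
# Added example: give only the owner and the web server's group access to
# Omeka's "archive" upload directory, instead of opening it to everyone (0777).

# Print every entry under $1 that is world-writable, i.e. what 0777 leaves behind.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Hand directory tree $1 to group $2 and remove all access for "other".
restrict_archive() {
    dir=$1
    group=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    chgrp -R "$group" "$dir" || return 1
    # Directories: rwx for owner and group; setgid so new uploads inherit the group.
    find "$dir" -type d -exec chmod 2770 {} + || return 1
    # Files: rw for owner and group, never executable, nothing for other users.
    find "$dir" -type f -exec chmod 0660 {} + || return 1
}

# Usage (assumed path and group name; adjust for your host):
#   restrict_archive /path/to/omeka/archive www-data
#   list_world_writable /path/to/omeka/archive    # should print nothing
```

If the web server on your host runs under your own account, the extra group access is unnecessary and owner-only permissions on the directory are enough.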

Thanks! I did not grasp that these permissions were on a subfolder, not the main folder.