I run a dating web site that lets users upload new pictures of themselves, etc. The /pictures folder has a chmod set to 777. Every once in a while, maybe once a week, the entire contents of that folder goes missing. How can I fix this? I am 100% sure it's because of the 777 permission.
If you're 100% sure it's because of the 777 permission, change it. Surely you don't need the execution bit, so it would be 666, but it's safer with 644 .
With 644 users might not be able to upload pictures into it. The idea of 777 is to allow new files to be uploaded into that folder although the "execute" permission might be unneeded. Try chmod 644 (664 would be even better), see if the folder is still writeable.
There are many ways to deal with this, but it depends on your server set up. If you suspect another user on the box is removing the files from a shell account then you could place the upload directory in a parent directory that is chmod 770. This will stop non-owner, non-group accounts from getting to the upload directory. The way to tackle this depends on how your box is set up.
hmm.. i tried all of the suggestions mentioned and basically, pictures on the profile page cant even be seen without many errors unless it is set to 777. and the problem keeps happening! what are my options?
Add the following .htaccess file to that directory. It may at least slow the individual who is deleting your files down a bit, depending on how it is being done: Options -Indexes Code (markup): However, I'd also suggest you change your access passwords to your control panel (cPanel or whatever) and for your site software.
Your best option is to use suexec and phpsuexec. Look those up on the 'net and understand a little more about how they work, then implement them. Essentially, this allows you to run httpd and php as your uid and then eliminate the need for world-writeable permissions.