A website I'm admin for has a serious security issue. Everytime I make changes to a php script, I chmod -R 777 the var/www directory to make the script work. And if I change this to 775, the photo upload feature on the website doesn't work.
So my questions are:
- What are the real security implications of chmod 777 the entire var/www/
- How do I set the permissions for var/www/ so I can edit/upload scripts without constantly rewriting the permissions
- How can the public upload photos to the server without the directory being 777
(on Ubuntu server 10, apache 2, php 5.3.6)