CMS Made Simple Forums

In Install doc, it states that config.php should be changed to a read-only state (444) after installation.

On some shared servers, it is easily possible to browse other users home directories. It seems that by having config.php given read privileges for Group that this presents a security risk. Wouldn't it be more secure to set config.php to 400 or 404 rather than 444?

On the other hand, maybe I don't know what I'm talking about since permissions have always confused me.

I would suggest that this isn't common practice and if your host doesn't provide a secure site for you and its other customers I would find another host.

I wouldn't want my hard work being ripped off by anyone unless I grant them access.

Well you may be right but of what use is it to provide read access to Group anyway? Why would Group need access of any sort to the config.php file?

I just checked my own site permissions and it also has group read permissions 644...although my host doesn't allow me to browse any other space other than my own.