[quote name=‘Lee Li Pop’]Hello Traveler,
I would beleived everyone here knows I’m at Pair.com since 2000!
[URL]http://www.pair.com/support/knowledge_base/our_network_and_servers/server_configurations.html[/URL]
Just for uptime, you can check by yourself on this page:
[URL]http://www.pair.com/support/system_notices.html[/URL]
Tip: Take a server name, and check its uptime in past years (you will find past notices link at bottom of each page)
Lee Li Pop[/quote]
Lee Li,
It is good that you are happy with your host and they have phone support which is good.
I looked at their VPS plans and they are quite expensive much more money and less resources than Wired Tree and their up time is nothing special. although as I mentioned before up time (without excuses) is a base to build from.
Hopefully they have some specialized resources that are important to you to make their high prices worthwhile.
Hello Traveler,
Erudition of WireTree to demonstrate their mastery of their tools is unquestionable, and their prose is as long and tedious as a novel by Richard Ford.
Pair.com remains discreet in this area. True lovers of open source know the “day by day” long term commitment and contributions of Pair’s team in the FreeBSD project. 
[quote name=‘Traveler’]Hopefully they have some specialized resources that are important to you to make their high prices worthwhile.[/QUOTE]
Not important for me, but for whole Pair’s customers.
For example, our dear fellow Spiral writes so long post to prove us (or himself ?) he’s one of a few masters of security. He’s a genius, really!
But, when he writes “Setup (chmod) your PHP Script to 600”
[quote name=‘Spiral’]
PHP Scripts - 600[/QUOTE]
I ask him only one question:
Spiral, why do you recommend a security level so weak, while any newbie can easily strengthen that security level so low from 600 to 404?
Yes, at Pair everyone can easily setup (chmod) his/her PHP scripts to 404.
I hopeful, but none answer of Spiral for this moment.
Here is one of my favorite “specialized resources”
Pair does it without any trumpets nor drums!
Traveler, at WireTree, how strongest can you setup (chmod) your PHP scripts?
Lee Li Pop
[quote name=‘Lee Li Pop’]Hello Traveler,
Erudition of WireTree to demonstrate their mastery of their tools is unquestionable, and their prose is as long and tedious as a novel by Richard Ford.
Pair.com remains discreet in this area. True lovers of open source know the “day by day” long term commitment and contributions of Pair’s team in the FreeBSD project.
Not important for me, but for whole Pair’s customers.
For example, our dear fellow Spiral writes so long post to prove us (or himself ?) he’s one of a few masters of security. He’s a genius, really!
But, when he writes “Setup (chmod) your PHP Script to 600”
I ask him only one question:
Spiral, why do you recommend a security level so weak, while any newbie can easily strengthen that security level so low from 600 to 404?
Yes, at Pair everyone can easily setup (chmod) his/her PHP scripts to 404.
I hopeful, but none answer of Spiral for this moment.
Here is one of my favorite “specialized resources”
Pair does it without any trumpets nor drums!
Traveler, at WireTree, how strongest can you setup (chmod) your PHP scripts?
Lee Li Pop[/quote]
Lee Li,
I have no idea what you are talking about when you mention long prose at Wired Tree I assume that you are being funny.
As for permissions I called and the answer is 400 and customers can easily do it on their own or they will do it for you with a smile and no extra charge. When you say this is a special resource I assume that again you are being funny?
Note when you are within a PHP SU environment as I am, 644 and 404 have the same effect.
Spiral does shall we say politely make interesting posts when he talks about himself but he is trying to be helpful (as you also usually are) which is both good and appreciated.
As I mentioned before Pair seems very expensive for what they offer but if they have some special resources that make them worthwhile to you then that is good.
[QUOTE]Lee Li,
I have no idea what you are talking about[/QUOTE]
This is typically the case! 
[quote name=‘Struck’]This is typically the case! :D[/quote]
Don’t make me get the Ban-stick out Struck!
I’ve never tried Wiredtree so I can’t comment although I do know of glowing reviews upon forum members here.
Hello Traveler,
[quote name=‘Traveler’]
As for permissions I called and the answer is 400 and customers can easily do it on their own or they will do it for you with a smile and no extra charge.[/QUOTE]
Did you tried by yourself?
I did, PHP script to 400 doesn’t work at Pair, but 404 does.
[quote name=‘Traveler’]644 and 404 have the same effect.[/QUOTE]
Really?
What do you think personally the difference between a 4 letters password (for example “[COLOR=“Green”]root[/COLOR]”) and another of 12 mixed characters (for example “[COLOR=“Red”][SIZE=“3”]@$Y9>|f*}注É[/SIZE][/COLOR]”)?
Can we write when one perfects the level of complexity, one improves the level of security?
This is not the same with CHMOD?
[quote name=‘Traveler’]
Spiral does shall we say politely make interesting posts when he talks about himself but he is trying to be helpful (as you also usually are) which is both good and appreciated.[/QUOTE]
I said it before: He’s a genius!
However Spiral, if you could reply my question, that would be nicer.
[quote name=‘Traveler’]As I mentioned before Pair seems very expensive for what they offer but if they have some special resources that make them worthwhile to you then that is good.[/QUOTE]
Could I know the number of months you are at WireTree?
I am at Pair for 110 months. And no worries.
What is the price of Peace?
Lee Li Pop
Just tested some of this out.
I am using a VPS with CyberLNC.
I set my config.php and config.local.php to 400 and my site still worked just fine.
Now after reading up on things I see that these files would need to be set to 600 when I go to upgrade because the upgrade will write to them.
Here is what Spiral has on the cPanel forums:
[quote]I actually don’t recommend 777 EVER !!! (That goes for DSO people too!)
phpSuExec | suPHP
-----------------------
755 (owner:owner) Folders
600 (owner:owner) PHP Scripts
400 (owner:owner) Configuration Files (config.php, etc)
600 (owner:owner) Script files requiring WRITE access
640 (owner:nobody) Non-Script Files, HTML, Images, etc
750 (owner:nobody) CGI/Perl Scripts
If no access to setup group ownerships then set Non-Script files to 644 and CGI / Perl Scripts to 755
DSO (Apache Module)
--------------------------
750 (owner:nobody) Folders
640 (owner:nobody) PHP Scripts
640 (owner:nobody) Configuration Files (config.php, etc)
660 (owner:nobody) Script files needing to have “WRITE” access
640 (owner:nobody) Non-Script Files, HTML, Images, etc
750 (owner:nobody) CGI/Perl Scripts
If no access to setup group ownerships then set Folder to 755, PHP Scripts and Configs to 644, Non-Script files to 644, Write Files to 666, and CGI / Perl Scripts to 755[/quote]
Test it out for yourself and see.
Brandon
Sorry for the smiley things, I guess the : and o make a smiley.
Brandon
Hello Brandon,
Did you tried to set another PHP file?
For example your /index.php to 400?
Mine doesn’t work to 400, but works fine to 404.
Lee Li Pop
Right now my config files are set to 600 and my index.php is set to 400.
Everything seems to be working fine on both the front and backends.
Brandon
Hello Brandon,
So, Spiral is a real genius!
And you’re very safe at CyberLNC now.
Now, you can setup all your PHP scripts to 400!
Congratulations!
Lee Li Pop
"Hello Traveler,Did you tried by yourself?
I did, PHP script to 400 doesn’t work at Pair, but 404 does.
Really?
As an example I Have config.php set to 400 with no problems
"Could I know the number of months you are at WireTree?
I am at Pair for 110 months. And no worries.'
I have been with WiredTree for over 2 years, since right after they started. One reason I like them is that it is easy to talk to the owners, and they have lots of experience - see the prose that you admire…
Sounds like you need a new Webhost that allows 400 settings and is much less expensive for what they offer. Unless they have other resources that are valuable to you that you have not mentioned?
Hello Traveler, Hello Brandon,
Yes, I tried again, my PHP script[COLOR=“Red”]s[/COLOR] don’t work to 400, but work fine to 404.
All my PHP script[COLOR=“Red”]s[/COLOR] are set to 404, not only config.php.
All your PHP script[COLOR=“Red”]s[/COLOR] are set to 400?
Lee Li Pop
Lee Li,
You may need to do some adjustments to have your 400 settings work smoothly - this is something that your web host should know how to do for you.
644 and 404 have the same effect in a SU PHP environment.
Again your webhost should be able to take the time to slowly and clearly explain this to you in terms of who the user is.
I found Spiral’s posts in this area helpful and my webhost basically agreed with what he said. I assume that his statements about his abilities and fame were simply his sense of humor just like your “interesting” comments and I do not take them seriously…
Honestly I haven’t done squat on changing my permissions. I really need to, but just haven’t. I only changed the permissions of my files just to test what has been discussed here. I probably should keep going on them.
Also, I think Spiral said something about the php su thing having it so that only the first number actually means anything. I think he said that the other 2 numbers don’t actually help change the permissions with this set up. Of course I could be mistaken.
Brandon
To hop on to the VPS discussion.
Ive recently had to change from my shared hosting account at Hostgator and I went to Futurehosting.com
They have or had a special on the webhostingtalk.com forums for 40% off for the life of the account, double ram and triple bandwidth. The reviews for them on that site are great and thus far Ive been really happy with their service. I ended up picking a VPS location of Dallas to sort of centralize the location.
Also, they just created a twitter account a few days ago and had a special for the first 5 customers who followed them on twitter of 60% off for life, 2 x RAM and 3 X bandwidth. So I now have a 2nd VPS in Chicago… (no idea what to do with it yet haha) but it is 768MB RAM, 1500GB bandwidth, cPanel, 20GB storage, $19 a month.
Now in regards to hostgator, while their shared hosting was great, there was some weird firewall issues but they now offer VPS w/ dedicated CPU. For the cheapest cPanel plan its $49.95 a month but they offered me a deal if I prepay for a year and Im tempted to try it out and see.
[quote name=‘Lee Li Pop’]Spiral, why do you recommend a security level so weak, while any newbie can easily strengthen that security level so low from 600 to 404?
Yes, at Pair everyone can easily setup (chmod) his/her PHP scripts to 404.
I hopeful, but none answer of Spiral for this moment.
[/QUOTE]
You do realize you just recommended a LESS SECURE setting, right?
600 means the OWNER of the file alone can READ and WRITE but absolutely NO ACCESS to OTHERS!
404 means the OWNER can READ but also EVERYONE else on the server can READ the file as well!
Since both SuPHP and phpSuExec operate under OWNER permissions, there is absolutely no need to grant any access to anything but OWNER so that third digit ‘4’ you suggested in a SuPHP environment (presumably) is not necessary and is actually weaker security than the “600” that I said because you have opened up read access to all account that was not present previously.
If you want to tighten beyond “600”, the only possible option is “400” which would totally disallow WRITE access to everyone INCLUDING THE OWNER and make it READABLE by the OWNER alone and no other accounts (except root).
(Note that I said “400” and not “404” which would actually be less secure than “600”)
Since script functions are operating under the owner effective ID under SuPHP, it is really not overly necessary to push beyond 600 except for the rarest of cases where you don’t want any write access whatsoever. Examples of these might be the “config.php” and “config.local.php” files after they have been setup.
Does this answer your question?
[quote name=‘“Traveler”’]644 and 404 have the same effect in a SU PHP environment.[/QUOTE]
Close but that is not entirely accurate … (Owner Only Writable vs. Not Writable)
However both of these would allow EVERY SINGLE ACCOUNT ON THE SERVER to read the file!
PHP SCRIPTS: I would recommend dropping the third digit in both — use “0” instead!
NON-SCRIPT FILES: 644 or 640 (if group set to nobody), or 440 (If not ever changing)
Traveler is partially correct, the permission numbers only match up on the digit location and not the other digits so 644 and 404 would be identical when talking about NON-SCRIPT files because NON-SCRIPT (Not PHP scripts) files use the THIRD digit only ---- in this case “4”!
Meanwhile, PHP script files only use the FIRST digit when setting permissions under SuPHP!
(Points go to brandonvd for actually paying attention on that last point above!)
[quote name=‘Spiral’]
(Points go to brandonvd for actually paying attention on that last point above!)[/QUOTE]
Sweet! Look, I can learn and retain something.
Brandon
[quote name=‘Spiral’]…
"Traveler is partially correct, the permission numbers only match up on the digit location and not the other digits so 644 and 404 would be identical when talking about NON-SCRIPT files because NON-SCRIPT (Not PHP scripts) files use the THIRD digit only ---- in this case “4”!
Meanwhile, PHP script files only use the FIRST digit when setting permissions under SuPHP!…[/quote]
Spiral I agree with you - your explanation is more complete. Actually, CS cart also now agrees with you as Zeke noted in a Bug Tracker explanation
So in summary within a VPS PHP SU environment:
400 for config file
600 for other PHP files
755 for folders
Sounds like we can sleep well now.