Improved security with CGIwrap

Having successfully set up Movable Type, I chose the default instructions which tell you to set each of your weblog directories with permission 777 (basically, read/write/execute by anyone). This allows the web server (running as user ‘nobody’) to write files into your web file space, but could also be a security risk.

Today I dug a little further and found that my site supports CGIwrap, which forces the CGI process to run as you instead of as ‘nobody’. This let me set all of my directory permissions back to 755 (writable only by me).

I had a little trouble changing ownership of some of the new directories from ‘nobody’ to me, so I just renamed them and rebuilt the entire site through MT. Problem solved!
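
A way to check a weblog tree after a switch like the one described above, as an added example that is not part of the original post: it lists directories still left world-writable, lists entries owned by another account (such as ones the web server created), and resets the world-writable directories you own to 755. The function names and the directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a weblog directory tree after moving to CGIwrap.
# Function names are hypothetical; pass your own weblog directory as $1.

# Directories that anyone on the host can write to (for example, left at 777).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Entries not owned by the invoking user (for example, created by 'nobody').
# These cannot be chmod'ed or chowned by an ordinary user, which is why the
# post's rename-and-rebuild step was needed.
foreign_owned() {
    find "$1" ! -user "$(id -u)" -print
}

# Reset world-writable directories that we own to 755 (rwxr-xr-x).
# Prints the number of directories that were changed.
tighten_dirs() {
    n=$(find "$1" -type d -perm -0002 -user "$(id -u)" -print | wc -l)
    find "$1" -type d -perm -0002 -user "$(id -u)" -exec chmod 755 {} +
    echo "$((n))"
}

# Stand-alone use: sh audit.sh /path/to/weblog
if [ "$#" -gt 0 ]; then
    echo "World-writable directories:"
    world_writable_dirs "$1"
    echo "Entries owned by another user:"
    foreign_owned "$1"
    echo "Directories reset to 755: $(tighten_dirs "$1")"
fi
```

Anything reported by `foreign_owned` has to be handled separately, since only the owner or root can change its mode or ownership.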