It's always nice to avoid having any directories chmod 777, but sometimes necesary.
On the other hand, there is never any reason at all to EVER use SuExec on a dedicated server.
Doing so only creates huge security problems. Whoever gave you that advice should
either be fired for complete incompetence or enrolled in a system administration class
today.
The only thing SuExec can do that is good is to protect you against other
webmasters on a shared server. It does so at the cost of making you much more
vulnerable to outside attackers. What SuExec does is give any visitor to your site
complete permissions to change or delete any of your files or directories.
On a dedicated server it's exactly the same thing as chmod()ing everything 777.
Quote:
|
However I'm unable to change the permissions for these files and for certain directories - some of which need to be 777 - I get "access denied".
|
Probably because they are properly owned by use "nobody" rather than your user name.
Any permissions changes would ned to be done by root, but if they are already owned
by "nobody" it may not actually be those files that need to be chmod.
IT may be one of the directroies they are in. The directories containing them
should be chmod 755, or in rare cases 777. If a directory is 666 or 644 or something
you can't access files in it.