Currently, I’m with a company who wants to switch to magento for all of our ecommerce customers. Unfortunately, because magento requires such strange file permissions for an install, it takes us quite some time to install the program. We have never been hacked by anyone, until we installed a copy of magento to our server.
Is it possible to install magento, and update through magento connect without having to set any permissions to 777?
Can the permissions be set back to a more secure set once magento has been installed?
Is there a safer, yet just as automated way to install updates into magento?
I installed on my server without using 777. I followed the command line instructions I found in the Wiki (the only way I found to get it to actually install). But I skipped the last commands that set everything to open permissions.
I have used Magento Connect and it works too, so I don’t understand why the recommendation is to open it up to 777.