[Vtigercrm-developers] VT61 Module installer *still* using 777

[Alan Lord]

I don't know how many times I need to say this but *nothing* in the 
vtiger source tree needs to be rwxrwxrwx - this is just bad practice and 
potentially dangerous.

As a matter of fact I do not think any files in the source tree need to 
be executable at all. (vtigercron.sh potentially could be but it isn't 
actually necessary).

The config.inc.php file should really only be readable by the web server 
user as it contains the username & password for the database (so 600 or 
640).

Everything else (excluding the logs) should probably just be 644 for 
files and 755 for directories.

Al