Heya, I would like to use the one of the Add-on Install & Upgrade tools (either the one by @Chris Deeming or the one by @Waindigo), but, wanting to run a secure server, I am concerned about giving write permissions too liberally. Basically, these addons can save you a lot of time but require you to give 777 permissions to most or all of your xenForo folder. I had an idea for a workaround that would make me feel considerably more comfortable. I'd love to hear people's thoughts on whether it is feasible. The idea is related to an idea put forth by @HittingSmoke : http://xenforo.com/community/threads/add-on-install-upgrade.35211/page-26#post-647497 Basically, right before you install or upgrade an addon using the tool, you chmod -R 777 XenforoRootDirectory/ and then, after you are done, you chmod -R 755 it again (assuming you are, in general, comfortable with 755). My approach is similar but involves less recursive chmodding. Basically, you run the following commands ONCE: Code: # creates a new group called addon. Because it is new, no one belongs to it. groupadd addon # gives the entire xenForo directory to this empty group chgrp -R addon xenForoRootDirectory # gives the owning group full permissions chmod -R g=rwx xenForoRootDirectory/ The installer addons do their filesystem writing via your web server (or perhaps a PHP interpreter). Let's call the user that program runs under HTTPD Then, when you want to install or upgrade addons you run: Code: # adds HTTPD to the empty addon group. usermod -a -G addon HTTPD This should give the web server write privileges in the xenForo directories. When you are done, just remove HTTPD from the addon group. This removes all special permissions. I like the idea because not matter what you do, you're pretty much going to have to give write permission to HTTPD. If any of the scripts you run has a security flaw in them, then a hacker would be able to rewrite anything in your xenForo root folder. Maybe I have a stick up my butt, but I would hesitate to give HTTPD those sort of write permissions for years at a time. But for 2 minutes at a time? This feels safer to me. Yes, I know it's not secure. But it seems a lot better than 777. And I can't think of a better way to run these addons, which seem quite helpful. I'm posting this here because it seems more likely to get a response from people interested in server configuration. Plus, it seems equally relevant to the two installer addons, so I wouldn't know where to put it anyway.