Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: chmod 777 security risks?
Top Forums UNIX for Dummies Questions & Answers chmod 777 security risks? Post 302097253 by Gary777 on Wednesday 22nd of November 2006 08:45:35 PM
Old 11-22-2006
chmod 777 security risks?
Hello all,

I did a considerable search of the forum and didn't find an answer so I'll ask it here. For clarity's sake I'll state that I know just enough about Unix to be Dangerous (I'm an old Clipper, VO, ASM programmer from the 80's.)

I would like to install PHP driven CMS program to my webserver (iPowerWeb hosted) called SnippetMaster (http://www.snippetmaster.com/) to allow my business partner the ability to modify webpages without messing up the core file templates (I use includes for dynamic content) but one of the requirements of SnippetMaster is that I must chmod 666 or 777 ALL of the files in ../public_html directory that I want my partner to be able to modify. It doesn't require that I chmod 777 the directory it self.

They (http://www.snippetmaster.com/) openly claim and challenge anyone to prove them wrong that chmod'ing files with 777 in the public html directory is safe as long as my server is secure, they claim that only a person who can "log on" to my server and who has access to my root directory can overwrite an existing .shtml or .html file (such as index.shtml) or overwrite an existing PHP script with a potentially hazardous one and execute it. I don't believe this, I have a very strong feeling that this is patently wrong but after Googling for the last 2 hours I have found answers that both support and discourage this practice so I thought I'd ask the experts.

1) Is chmod'ing "files" in ../public_html to 777 or 666 a safe practice?

2) Can files be over written by people surfing the web (exmp: and simply using composer to edit then save the file back to the server?)

Please explain how this works if it is in fact a safe practice...

Your help would be greatly appreciated.

Best regards,

Gary
 

7 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

chmod 777 on all directories below...how do I do that using the "find" command?

I've got 100 directories that each have 2 directories with in them. Structered like this: /home/domains/domain1/ through to /home/domains/domain100/ and those 2 directories mentioned above are here: /home/domains/domain1/directory1/ /home/domains/domain1/directory2/ through to... (7 Replies)
Discussion started by: Neko
7 Replies

2. Solaris

chmod -R 777 in /usr Solaris 9 = Major Screwup

Hello Everyone: One of our admins here accidently ran chmod -R 777 in the /usr folder on a V440 running Solaris 9. After that no one could run any command and could not login. I fixed most of the things by re-restricting some rights and applying the correct rights. Now there is a problem... (3 Replies)
Discussion started by: muntaser_zaheer
3 Replies

3. UNIX for Dummies Questions & Answers

chmod 777 * - oops

I can belive I really did this... chmod 777 /home :eek: I have my /home directory synced to another machine. Can anyone tell me how to get the permissions from back up server /home to production server /home It's important that I dont over write the files on the... (1 Reply)
Discussion started by: shunter63
1 Replies

4. Cybersecurity

can another user 777 and existing 777 dirctory?

User usrA creates dirA directory and runs chmod 777 on the directory. Can usrB issue another 777 on dirA? It appears the answer is no even if the usrA and usrB are part of the same group. I know this is a rare scenario but I just ran across it and found out that usrB receives an error when... (4 Replies)
Discussion started by: zlek131
4 Replies

5. UNIX and Linux Applications

What is the difference between chmod in solaris and chmod in Linux?

i think it is the same in both... Iam i right? (1 Reply)
Discussion started by: sumaiya
1 Replies

6. Windows & DOS: Issues & Discussions

chmod -R 777 * in cygwin

Hello, I use windows XP on a small server. Lately I downloaded a software (hydrological computation) which asked me to install as well the software ‘cygwin' (kind of linux in windows environment) and then to perform in cygwin window the command: ‘chmod -R 777 *' in order to give writings... (2 Replies)
Discussion started by: Cedalise
2 Replies

7. UNIX for Dummies Questions & Answers

Only allowing chmod 777 for file upload folder

Hey everyone. I have 2 different linux servers (each one is through a different web hosting company). On both servers I have the exact same PHP file upload script that allows users to upload a file or image to the server (everything on both servers is identical). On server #1 the "attachments"... (5 Replies)
Discussion started by: Mr.Canuck
5 Replies

LEARN ABOUT REDHAT

forum

FORUM(1)							       mrtg								  FORUM(1)

NAME

       forum - Interactive Help for MRTG users

SYNOPSIS

       There is a lot of written documentation for mrtg. But never the less you may have a problem where you can't find the solution.  In this
       case some Human Help may be necessary. With MRTG there are several ways to get Humans to help you.

MAILING-LIST
       There are three mailing lists for MRTG available.

       mrtg
	   for discussion among mrtg users

       mrtg-announce
	   for announcements regarding new versions of mrtg related software

       mrtg-developers
	   for discussion among people who write software in connection with mrtg or who hack mrtg itself.

       THE RULES

       Please note, that the memebers of the mrtg mailinglist value politeness highly. This means behave in a way you would like others to behave
       towards you.

       o   No shouting. (NO CAPS)

       o   No rude language

       o   No demands. everybody is on the list out of their own free will. If you do not get an answer to your question, chances are high that
	   you did not give sufficent details about the nature of your problem or that the answer to your problem is in the documentation.

       o   If you do not follow the rules you will be unsubscribed from the list with no further questions asked.

       o   Decisions about your unsubscription from the list will be taken by

	    Alex van den Bogaerdt <alex@slot.hollandcasino.nl>
	    Paul C. Williamson	  <pwilliamson@MANDTBANK.COM>

	   If you feel that you have been treated unfairly, you may send mail to me and explain the situation.

	    Tobi Oetiker <oetiker@ee.ethz.ch>

       SUBSCRIBING

       These lists are managed by a mailing-list management software (listar).	It allows you to subscribe to these lists by sending a message
       with the subject: subscribe to the following address:

	listname-request@list.ee.ethz.ch

       You will then get a message asking you to confirm your subscription.

       For posting to the lists use the following address

	listname@list.ee.ethz.ch

       Note that only people who are subscribed to the list can post.

       Further information about the usage of the mailing lists is available by sending a message with the subject line help to either one of the
       request addresses.

       For past activity there is also a mailing list archive available:

	http://www.ee.ethz.ch/~slist/mrtg

       There is also a web interface to manage your mailing-list subscription.

	http://www.ee.ethz.ch/~slist/lsg2.cgi

NEWSGROUP

       For discussion of MRTG or related topics on the Usenet, please send your posts to:

	news:comp.dcom.net-management

       Many MRTG users are in this forum and will help you. You can also find an archive of past activity from this Newsgroup on:

	http://www.deja.com/usenet

AUTHOR

       Tobias Oetiker <oetiker@ee.ethz.ch> and many contributors

3rd Berkeley Distribution					      2.9.17								  FORUM(1)
All times are GMT -4. The time now is 06:43 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy