Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: chmod 777 security risks?
Top Forums UNIX for Dummies Questions & Answers chmod 777 security risks? Post 302097260 by blowtorch on Wednesday 22nd of November 2006 10:39:36 PM
Old 11-22-2006
You are thinking only of shell access. There may be other ways that a cracker might use. These do not necessarily involve using a shell account. Crackers use many different ways to deface sites/steal info/do whatever.

Quote:
Originally Posted by reborg
It's like leaving the keys in your car bacuse it is in a locked garage.
To put it in the context of reborg's quote, what you are doing is assuming that the garage is locked, so the car is safe. What happens if the garage is broken into?

And about giving your business partner permissions to change the files, can't you just set access control lists (setfacl/getfacl on Solaris)?
 

7 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

chmod 777 on all directories below...how do I do that using the "find" command?

I've got 100 directories that each have 2 directories with in them. Structered like this: /home/domains/domain1/ through to /home/domains/domain100/ and those 2 directories mentioned above are here: /home/domains/domain1/directory1/ /home/domains/domain1/directory2/ through to... (7 Replies)
Discussion started by: Neko
7 Replies

2. Solaris

chmod -R 777 in /usr Solaris 9 = Major Screwup

Hello Everyone: One of our admins here accidently ran chmod -R 777 in the /usr folder on a V440 running Solaris 9. After that no one could run any command and could not login. I fixed most of the things by re-restricting some rights and applying the correct rights. Now there is a problem... (3 Replies)
Discussion started by: muntaser_zaheer
3 Replies

3. UNIX for Dummies Questions & Answers

chmod 777 * - oops

I can belive I really did this... chmod 777 /home :eek: I have my /home directory synced to another machine. Can anyone tell me how to get the permissions from back up server /home to production server /home It's important that I dont over write the files on the... (1 Reply)
Discussion started by: shunter63
1 Replies

4. Cybersecurity

can another user 777 and existing 777 dirctory?

User usrA creates dirA directory and runs chmod 777 on the directory. Can usrB issue another 777 on dirA? It appears the answer is no even if the usrA and usrB are part of the same group. I know this is a rare scenario but I just ran across it and found out that usrB receives an error when... (4 Replies)
Discussion started by: zlek131
4 Replies

5. UNIX and Linux Applications

What is the difference between chmod in solaris and chmod in Linux?

i think it is the same in both... Iam i right? (1 Reply)
Discussion started by: sumaiya
1 Replies

6. Windows & DOS: Issues & Discussions

chmod -R 777 * in cygwin

Hello, I use windows XP on a small server. Lately I downloaded a software (hydrological computation) which asked me to install as well the software ‘cygwin' (kind of linux in windows environment) and then to perform in cygwin window the command: ‘chmod -R 777 *' in order to give writings... (2 Replies)
Discussion started by: Cedalise
2 Replies

7. UNIX for Dummies Questions & Answers

Only allowing chmod 777 for file upload folder

Hey everyone. I have 2 different linux servers (each one is through a different web hosting company). On both servers I have the exact same PHP file upload script that allows users to upload a file or image to the server (everything on both servers is identical). On server #1 the "attachments"... (5 Replies)
Discussion started by: Mr.Canuck
5 Replies

LEARN ABOUT REDHAT

getfacl

GETFACL(1)						       Access Control Lists							GETFACL(1)

NAME

       getfacl - get file access control lists

SYNOPSIS

       getfacl [-dRLPvh] file ...

       getfacl [-dRLPvh] -

DESCRIPTION

       For  each file, getfacl displays the file name, owner, the group, and the Access Control List (ACL). If a directory has a default ACL, get-
       facl also displays the default ACL. Non-directories cannot have default ACLs.

       If getfacl is used on a file system that does not support ACLs, getfacl displays the access permissions defined	by  the  traditional  file
       mode permission bits.

       The output format of getfacl is as follows:
	       1:  # file: somedir/
	       2:  # owner: lisa
	       3:  # group: staff
	       4:  user::rwx
	       5:  user:joe:rwx 	      #effective:r-x
	       6:  group::rwx		      #effective:r-x
	       7:  group:cool:r-x
	       8:  mask:r-x
	       9:  other:r-x
	      10:  default:user::rwx
	      11:  default:user:joe:rwx       #effective:r-x
	      12:  default:group::r-x
	      13:  default:mask:r-x
	      14:  default:other:---

       Lines  4,  6  and  9  correspond  to the user, group and other fields of the file mode permission bits. These three are called the base ACL
       entries. Lines 5 and 7 are named user and named group entries. Line 8 is the effective rights mask. This entry limits the effective  rights
       granted	to  all groups and to named users. (The file owner and others permissions are not affected by the effective rights mask; all other
       entries are.)  Lines 10--14 display the default ACL associated with this directory. Directories may have a default ACL. Regular files never
       have a default ACL.

       The default behavior for getfacl is to display both the ACL and the default ACL, and to include an effective rights comment for lines where
       the rights of the entry differ from the effective rights.

       If output is to a terminal, the effective rights comment is aligned to column 40. Otherwise, a single tab character separates the ACL entry
       and the effective rights comment.

       The ACL listings of multiple files are separated by blank lines.  The output of getfacl can also be used as input to setfacl.

   PERMISSIONS
       Process	with search access to a file (i.e., processes with read access to the containing directory of a file) are also granted read access
       to the file's ACLs.  This is analogous to the permissions required for accessing the file mode.

   OPTIONS
       --access
	   Display the file access control list.

       -d, --default
	   Display the default access control list.

       --omit-header
	   Do not display the comment header (the first three lines of each file's output).

       --all-effective
	   Print all effective rights comments, even if identical to the rights defined by the ACL entry.

       --no-effective
	   Do not print effective rights comments.

       --skip-base
	   Skip files that only have the base ACL entries (owner, group, others).

       -R, --recursive
	   List the ACLs of all files and directories recursively.

       -L, --logical
	   Logical walk, follow symbolic links. The default behavior is to follow symbolic link arguments, and to skip symbolic links  encountered
	   in subdirectories.

       -P, --physical
	   Physical walk, skip all symbolic links. This also skips symbolic link arguments.

       --tabular
	   Use	an alternative tabular output format. The ACL and the default ACL are displayed side by side. Permissions that are ineffective due
	   to the ACL mask entry are displayed capitalized. The entry tag names for the ACL_USER_OBJ and ACL_GROUP_OBJ entries are also  displayed
	   in capital letters, which helps in spotting those entries.

       --absolute-names
	   Do not strip leading slash characters (`/'). The default behavior is to strip leading slash characters.

       --version
	   Print the version of getfacl and exit.

       --help
	   Print help explaining the command line options.

       --  End of command line options. All remaining parameters are interpreted as file names, even if they start with a dash character.

       -   If the file name parameter is a single dash character, getfacl reads a list of files from standard input.

CONFORMANCE TO POSIX 1003.1e DRAFT STANDARD 17
       If  the	environment  variable  POSIXLY_CORRECT is defined, the default behavior of getfacl changes in the following ways: Unless otherwise
       specified, only the ACL is printed. The default ACL is only printed if the -d option is given. If no command line parameter is given,  get-
       facl behaves as if it was invoked as ``getfacl -''.

AUTHOR

       Andreas Gruenbacher, <a.gruenbacher@computer.org>.

       Please send your bug reports and comments to the above address.

SEE ALSO

       setfacl(1), acl(5)

May 2000							ACL File Utilities							GETFACL(1)
All times are GMT -4. The time now is 07:59 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy