11-23-2006
The point we are making is this:
With chmod 777, you are giving all rights on all the files to ANY user.
Lets say a hacker managed to find an exploit which allows him to gain some kind of access to your server through a vulnerable service, which allows him to execute code as the user of the service.
If the last 6/7 is there it means he can change your files regardless of which user he gets access as. (The keys are in the car)
With the second 6/7 if means that anyone in the group can change the files. (You given someone the valet key to the car)
With only the first 6/7 you (the owner) only can make the changes. ( the key to the car is in your pocket)
So as you can see, someone malicious has more to do in each case, before they can change your files.
7 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I've got 100 directories that each have 2 directories with in them.
Structered like this:
/home/domains/domain1/
through to
/home/domains/domain100/
and those 2 directories mentioned above are here:
/home/domains/domain1/directory1/
/home/domains/domain1/directory2/
through to... (7 Replies)
Discussion started by: Neko
7 Replies
2. Solaris
Hello Everyone:
One of our admins here accidently ran chmod -R 777 in the /usr folder on a V440 running Solaris 9. After that no one could run any command and could not login. I fixed most of the things by re-restricting some rights and applying the correct rights. Now there is a problem... (3 Replies)
Discussion started by: muntaser_zaheer
3 Replies
3. UNIX for Dummies Questions & Answers
I can belive I really did this... chmod 777 /home :eek:
I have my /home directory synced to another machine.
Can anyone tell me how to get the permissions from
back up server /home to production server /home
It's important that I dont over write the files on the... (1 Reply)
Discussion started by: shunter63
1 Replies
4. Cybersecurity
User usrA creates dirA directory and runs chmod 777 on the directory. Can usrB issue another 777 on dirA? It appears the answer is no even if the usrA and usrB are part of the same group. I know this is a rare scenario but I just ran across it and found out that usrB receives an error when... (4 Replies)
Discussion started by: zlek131
4 Replies
5. UNIX and Linux Applications
i think it is the same in both... Iam i right? (1 Reply)
Discussion started by: sumaiya
1 Replies
6. Windows & DOS: Issues & Discussions
Hello,
I use windows XP on a small server. Lately I downloaded a software (hydrological computation) which asked me to install as well the software ‘cygwin' (kind of linux in windows environment) and then to perform in cygwin window the command: ‘chmod -R 777 *' in order to give writings... (2 Replies)
Discussion started by: Cedalise
2 Replies
7. UNIX for Dummies Questions & Answers
Hey everyone. I have 2 different linux servers (each one is through a different web hosting company). On both servers I have the exact same PHP file upload script that allows users to upload a file or image to the server (everything on both servers is identical).
On server #1 the "attachments"... (5 Replies)
Discussion started by: Mr.Canuck
5 Replies
CHMOD(2) System Calls Manual CHMOD(2)
NAME
chmod - change mode of file
SYNOPSIS
chmod(name, mode)
char *name;
DESCRIPTION
The file whose name is given as the null-terminated string pointed to by name has its mode changed to mode. Modes are constructed by ORing
together some combination of the following:
04000 set user ID on execution
02000 set group ID on execution
01000 save text image after execution
00400 read by owner
00200 write by owner
00100 execute (search on directory) by owner
00070 read, write, execute (search) by group
00007 read, write, execute (search) by others
If an executable file is set up for sharing (-n or -i option of ld(1)) then mode 1000 prevents the system from abandoning the swap-space
image of the program-text portion of the file when its last user terminates. Thus when the next user of the file executes it, the text
need not be read from the file system but can simply be swapped in, saving time. Ability to set this bit is restricted to the super-user
since swap space is consumed by the images; it is only worth while for heavily used commands.
Only the owner of a file (or the super-user) may change the mode. Only the super-user can set the 1000 mode.
SEE ALSO
chmod(1)
DIAGNOSTIC
Zero is returned if the mode is changed; -1 is returned if name cannot be found or if current user is neither the owner of the file nor the
super-user.
ASSEMBLER
(chmod = 15.)
sys chmod; name; mode
CHMOD(2)