what's so bad about 0777
Posted: Fri Nov 26, 2004 7:33 am
by manichaen
Hi,
I'd like to get a discussion going to thrash out what's so bad about 0777.
I think it's a relatively common problem that people want to have their scripts write to various directories, but feel uneasy about chmoding those dirs to 0777.
How serious a problem is this? If the dir does not include scripts (but only images, html, txt files etc) is there still a problem?
Personally, I've hacked my way around this question for quite some time, but I'd like to know for once and for all if having a public dir as world readable is really such a huge problem.
What are the alternatives? I'd like to upload photos and write them to different locations through the browser, is there a "safe" (relatively) way of doing this??
Thanks
Posted: Fri Nov 26, 2004 7:58 am
by kral_majales
if you'd like to have an uploading photos option (say with photo gallery software), then it's safer to choose one particular directory to write to and make that available, rather than setting all to 777. Coppermine photo gallery, for example, lets you create a writeable directory where users can upload images to. sub-directories of that directory are also made writeable, so you can organise your files in a logical way, and have different photo 'albums' and so on.
within any given application, it's best to strictly control user input at every level, rather than giving them a potentially free rein on any area of the site, no matter how significant that area may seem.
this is just the way i see it, i expect the others will be able to go into more depth and help you more!
K
Posted: Fri Nov 26, 2004 8:03 am
by phpScott
instead of leaving the folder set at 0777 it is best to change the permissions programmatically to 0777 then back to read only as this won't leave the folder wide open. just because you say it will only be images doesn't mean that someone else can't try and put something else in that is runnable.
Posted: Fri Nov 26, 2004 8:43 am
by manichaen
I agree... but I don't have permission to chmod or mkdir using PHP on my server. So although I'd like to, I can't change the permissions through the script when needed.
Secondly - and part of the question really: who would be able to access the dir and put other scripts in there?? Other people on the server? Users with no access to the server?
Posted: Fri Nov 26, 2004 11:51 am
by timvw
I prefer to only give rights if i really have to. And in that case i don't want to have all my directories drwxrwxrwx. It also allows me to not worry about things that could happen. All i have to do is consider the "issues" that arise when i give some access right, fe o+x to my public_html dir so the apache user can access it.
Imho the standard security concepts on unices are open for serious improvements. (rbac etc...)
Posted: Fri Nov 26, 2004 1:57 pm
by Roja
manichaen wrote:
Secondly - and part of the question really: who would be able to access the dir and put other scripts in there?? Other people on the server? Users with no access to the server?
It depends on a number of things - especially the settings on the server.
For example, with 0777, if apache isn't configured to restrict access by directory, and I have a virthost on that same machine, I can write, overwrite, and delete your files (and of course read them).
If Apache *is* restricted properly, but I have shell, there are about a dozen ways to get around restrictions there - including chroot's.
Even if everything is done right, and no one else has shell or virthosts on the machine, if a new Apache exploit comes out and I get to your box before you can patch it, I can (as apache) do as I want to with that folder.
And of course, all of these assume no one has ALREADY compromised the box - in which case they can already do whatever they want, regardless of your puny file permissions.
In short, any protection you can get is a good thing - and 0777 gives a bunch of protection up. There *are* situations where you want/need 0777, so you just need to be very careful about them.
Posted: Fri Nov 26, 2004 3:58 pm
by McGruff
It's a good idea to set up a local linux partition so you can explore issues such as these.
Mandrake for example is easy to install. I don't mean to sound like I'm making a RTM post but there is a lot of useful info in the manual.
Posted: Fri Nov 26, 2004 5:59 pm
by hawleyjr
I have a site that when a new company signs up they get their own login page to my product.
Ex: new companies name is ABC Inc.
Their login page would be
http://www.example.com/abc/index.php
When I sign them up I create the directory 'abc' and I move a default login.php page in that same dir.
I use 0757 to create the directory and put the file in there. Should I change the permissions after I add the file?
If so, to what?
Posted: Fri Nov 26, 2004 6:41 pm
by Roja
hawleyjr wrote:
I use 0757 to create the directory and put the file in there. Should I change the permissions after I add the file?
If so, to what?
You didn't give nearly enough information for an informed answer. To wit:
- What user and group does the webserver run as?
- What user and group owns the directory? The user or the webserver?
- suexec, or not?
- Are you doing virthosts? (This isn't actually clear from the description)
- Do others have shell on the box?
And so on.
It's complex. But in general, to answer your question, you gave RWX (7) to "world" (or "other" depending on the reference material).
Regardless of the user and group settings, you should have a pretty strong argument to justify giving THE WORLD read, write, and execute permissions.
If you start phrasing and thinking of it that way - "What permissions am I giving THE WORLD", you'll quickly find a much tighter permission level will come about.
In general, when I create a folder for a client, I give them the absolute minimum needed to do what they need to do. ie, 704 for a placeholder file that needs to be viewed by the world (index.htm), 705 for the parent dir, and 700 for anything else.
In general, I don't do "group" settings at anything but 0 unless I have a specific user combination that needs it - that way I never have to worry about groups (except for specific exceptions to that rule).
I completely agree with McGruff - setting up a linux partition and testing things out locally is amazingly helpful.
Posted: Fri Nov 26, 2004 10:59 pm
by josh
You could use mod_rewrite if your host allows it, that way you don't even need to create any files at signup
RewriteRule ^users/(.*)$ user_page.php?user=$1
So when some one goes to
http://www.example.com/users/abc it runs the script at user_page.php with $user set to "abc", you could then read "abc" out of the database or whatever you want to do.
This would make your directory layout less confusing

Posted: Sat Nov 27, 2004 9:21 am
by manichaen
Hi,
Thanks for the replies - but I think you guys are missing the point a little. My problem is that I need to write to a dir using a php script which doesn't own the dir, and is not a group user.
It seems that in order to write a file to a dir using a php script on a shared server that I just rent space on I need to set that directory's permissions to 0777.
I've tried quite a few hacks, but I really don't see a way around it.
So, while it's fine to say that the settings *should* be at 755/744 etc it doesn't seem that in this situation I have a choice?
Which raises the question: given that I "need" to make a dir world-readable is there anything I can do to protect it?
Posted: Sat Nov 27, 2004 10:58 am
by timvw
manichaen wrote:
It seems that in order to write a file to a dir using a php script on a shared server that I just rent space on I need to set that directory's permissions to 0777.
I'm pretty sure you don't need to 0777. The directory is owned by user.group. The user that is running apache, is either in that group or in the others. This means, only one of those needs 7.
manichaen wrote:
Which raises the question: given that I "need" to make a dir worldreadable is there anything I can do to protect it?
You can put the world-readable directory, in a non-public html directory. This way, users without access, can't access them through the webserver either...
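The "keep the writable directory out of the served tree" idea above, as an added PHP example that is not code from this thread: uploaded images are stored under an assumed /home/site/uploads (a sibling of public_html, so no URL maps onto it) and handed back through a gate script. The directory paths, the form field name "photo", the upload.php/image.php URL scheme and the allowed-type table are all assumptions.

```php
<?php
// Added example (not from the thread): store uploads outside the document root
// and serve them through a script, so a writable upload directory is never
// reachable directly by URL and nothing dropped into it can be executed by Apache.
// Assumed layout: /home/site/public_html (docroot), /home/site/uploads (writable, not served).
declare(strict_types=1);

const UPLOAD_DIR = '/home/site/uploads';                                   // assumption
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // Decide the type from the bytes, never from the client-supplied name or MIME.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image');
    }
    // Server-chosen name: no user-controlled path component ever reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move upload');
    }
    chmod($dest, 0644);   // readable, never executable
    return $name;
}

function serve_image(string $name): void
{
    // Accept only names of the exact shape store_upload() produces.
    if (!preg_match('/^[0-9a-f]{32}\.(jpg|png|gif)$/', $name)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    $mime = array_search(substr($name, -3), ALLOWED, true);
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}

// Dispatch for the assumed URLs: POST /upload.php with field "photo",
// GET /image.php?name=<32 hex chars>.<ext>
if (PHP_SAPI !== 'cli') {
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['photo'])) {
        echo store_upload($_FILES['photo']);
    } elseif (isset($_GET['name'])) {
        serve_image((string) $_GET['name']);
    }
}
```

Because the upload directory is outside public_html, its mode (even 0777) only decides who on the box can write there; it no longer decides what the web server will execute or hand out. The gate script returns a file only when the name matches the pattern it generated itself and always with a Content-Type it chose, so a renamed script in that directory is served as bytes at worst, not run.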
Posted: Sat Nov 27, 2004 2:23 pm
by Roja
manichaen wrote:
Thanks for the replies - but I think you guys are missing the point a little. My problem is that I need to write to a dir using a php script which doesn't own the dir, and is not a group user.
I'll assume by "Is not a group user" you mean, the webserver is not *IN* the same group as the user - all users in unix have a group, period, so yes, it is a group user.
The phrase "using a php script which doesn't own the dir" is unclear. Again, I'll assume you mean that the webserver runs as one user, and the directory is owned by another user. Then I will also assume that you aren't running in suexec mode, and finally, I'll assume there is a good reason that you ignored all of those questions that would have allowed me not to make assumptions, so I can answer you accurately.
With all of those assumptions however, you need one setting:
**7.
World (or specifically, the user the webserver is running as, which isn't User or in the same Group) needs to have write access. Now, it's possible World doesn't need read for that directory, but that's unlikely.
So yes, in that case, with those assumptions, **7 is the correct setting.
manichaen wrote:
It seems that in order to write a file to a dir using a php script on a shared server that I just rent space on I need to set that directory's permissions to 0777.
Bzzt. Nope - now you are restating it differently (and more broadly).
First, the user and group settings don't matter - it doesn't have to be 77* - because the webserver user isn't part of user or group (again, based on the assumptions above). You could easily set it to 707, 417, 647, or any combination thereof.
Second, there are "shared servers" that you can "rent space on" that have suexec, or other configurations that allow the user and the webserver to be one and the same. It depends on the settings of the server - which I mentioned before.
Posted: Sat Nov 27, 2004 3:24 pm
by McGruff
manichaen wrote:
Hi,
Thanks for the replies - but I think you guys are missing the point a little. My problem is that I need to write to a dir using a php script which doesn't own the dir, and is not a group user.
Create the dir with a php script rather than your ftp program et voila: php is the owner and you don't have to open it up to 777.
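Roja's reasoning above (only the permission class the webserver user actually falls into needs write access, and the other two classes can stay closed) and McGruff's suggestion (let PHP create the directory so PHP owns it) as one added PHP example; this is not code from the thread. It assumes mod_php without suexec (so PHP runs as the webserver user), the POSIX extension, and an upload directory path of ../uploads.

```php
<?php
// Added example (not from the thread): for a directory, work out which permission
// class (user, group, other) the PHP process falls into and the smallest mode that
// still lets it create files there; create the directory as PHP if it is missing.
// Assumes PHP runs as the webserver user (no suexec) and the POSIX extension.
declare(strict_types=1);

function write_class(string $dir): string
{
    $st = stat($dir);
    if ($st === false) {
        throw new RuntimeException("cannot stat $dir");
    }
    if ($st['uid'] === posix_geteuid()) {
        return 'user';
    }
    if ($st['gid'] === posix_getegid() || in_array($st['gid'], posix_getgroups(), true)) {
        return 'group';
    }
    return 'other';
}

function minimal_mode(string $dir): int
{
    // The owner keeps rwx. The class PHP falls into gets w+x only: x to enter the
    // directory, w to create entries. r is only needed to list the directory.
    $needed = ['user' => 0700, 'group' => 0030, 'other' => 0003][write_class($dir)];
    return 0700 | $needed;
}

function ensure_writable_dir(string $dir): void
{
    if (!is_dir($dir)) {
        // Created by PHP, so PHP is the owner: 0700 is enough and group/world get nothing.
        if (!mkdir($dir, 0700, true)) {
            throw new RuntimeException("cannot create $dir");
        }
        return;
    }
    $current = stat($dir)['mode'] & 0777;
    $wanted  = minimal_mode($dir);
    if (($current & $wanted) !== $wanted) {
        // chmod only succeeds when PHP owns the directory (the "user" case);
        // otherwise report what the owner has to set from their side (FTP client etc).
        if (write_class($dir) === 'user') {
            chmod($dir, $current | $wanted);   // add only the missing bits
        } else {
            throw new RuntimeException(sprintf(
                '%s is %04o; its owner must chmod it to at least %04o',
                $dir, $current, $wanted
            ));
        }
    }
    if (!is_writable($dir)) {
        throw new RuntimeException("$dir is still not writable");
    }
}

// Usage; the path is an assumption.
$dir = __DIR__ . '/../uploads';
ensure_writable_dir($dir);
printf("PHP is '%s' for %s; minimal mode is %04o\n", write_class($dir), $dir, minimal_mode($dir));
```

On a host where the directory belongs to the FTP user and PHP is plain "other", the script reports something like 0703 rather than 0777: the other 7 bits of 0777 buy nothing for the script and only widen what every other account on the box may do. If PHP created the directory itself, it owns it and 0700 already suffices, which is the point of McGruff's suggestion.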