
Re: [cobalt-users] [RaQ4] file permissions



----- Original Message -----
From: "William J.A. Brillinger"
Sent: Sunday, December 08, 2002 7:55 PM
Subject: [cobalt-users] [RaQ4] file permissions


> What are the *actual* security implications of having a public web dir
> chmod'd to 777?
>
> (Go easy on me, I already know I am basically stupid)
>
> - Bill B
>
>
> ---------------------------------
> William J.A. Brillinger
> Precision Design Co.
>
> _____________________________________

Bill ... a quick thing on file permissions ... in case you do not know.
1 = Execute only        -    If no one can read it, they can't run it!
2 = Write / Execute    -    If no one can read it, they can't run it!
4 = Read Only
5 = Read / Execute
6 = Read / Write
7 = Read / Write / Execute.

The first number = user
The second number = group
The third number = world

Why it would be bad to have it listed as 777:

1) Everyone who gets to it can delete it.  You better have FTP & CLI (telnet/ssh) off!!!
2) Anyone can overwrite it.  See reason above.
3) Anyone can execute it.  So, if you have a script there, any user can run it, and if someone is actually smart enough to put something there that can cause damage, you are pretty much hurt!

What you should use:

If it is any NON binary:
664    -    If you want the group to modify it
644    -    If you only want the user to modify
660    -    If you do NOT want the world to see it.  They NEED to be in the group or the user to view it, or modify it.
640    -    If you do NOT want the world to see it.  They NEED to be in the group to view it, and only the owner can modify it.

Binaries are a little bit trickier, but follow the same concept.  You generally want them set to read / execute (5), such that anyone can read & execute them.  But sometimes you do NOT want the world to execute them.  So, if you're running a web server, generally the siteadmin (on Cobalts specifically) will run them.  Setting the attributes to 750 will make it so the website can run it, and only the user can change it.

This concludes a basic tour on file permissions.  I hope that it has helped
you out some!

Brian N. Smith
NuOnce Networks
www.nuonce.net
Free Cobalt Stuff Located Here
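As an added illustration (not Brian's code or anything from the list), here is a small POSIX sh script that decodes three-digit modes the way the reply describes them (first digit user, second group, third world) and audits a web root for world-writable entries with find. The modes in the loop and the directory passed to find_world_writable are assumed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the original thread: decode the octal modes
# the reply talks about and flag world-writable entries under a web root.

# One octal digit (0-7) -> its r/w/x letters.
perm_digit() {
    case "$1" in
        0) echo "---" ;; 1) echo "--x" ;; 2) echo "-w-" ;; 3) echo "-wx" ;;
        4) echo "r--" ;; 5) echo "r-x" ;; 6) echo "rw-" ;; 7) echo "rwx" ;;
        *) echo "???" ;;
    esac
}

# Three-digit mode (e.g. 750) -> "user=rwx group=r-x world=---":
# first digit = user, second = group, third = world.
describe_mode() {
    u=$(perm_digit "$(printf '%s' "$1" | cut -c1)")
    g=$(perm_digit "$(printf '%s' "$1" | cut -c2)")
    o=$(perm_digit "$(printf '%s' "$1" | cut -c3)")
    echo "user=$u group=$g world=$o"
}

# Succeeds (exit 0) when the world digit has the write bit (2) set,
# i.e. anyone on the box can overwrite or delete the file.
world_writable() {
    o=$(printf '%s' "$1" | cut -c3)
    [ $(( o & 2 )) -ne 0 ]
}

# Audit: list every file or directory under the given root whose mode grants
# write to "other" (-002 is the world-write bit), so a 777 web dir shows up.
find_world_writable() {
    find "$1" -perm -002 -print | sort
}

# Walk the modes mentioned in the reply so the meaning of each is visible.
for mode in 777 664 644 660 640 750; do
    if world_writable "$mode"; then flag=" <- world-writable"; else flag=""; fi
    printf '%s: %s%s\n' "$mode" "$(describe_mode "$mode")" "$flag"
done
```

Run find_world_writable against a site's web root to spot directories that were chmod'd to 777 and should be tightened to 755 or 750.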