[thelist] chmod 774
Jonathan_A_McPherson at rl.gov
Jonathan_A_McPherson at rl.gov
Tue Jul 9 10:08:01 CDT 2002
> Does chmoding a web viewable directory 774 constitute a security risk?
I think the proper spelling is "chmodding." (-;
For you non-Unix folks out there, chmod 774 equates to
user: read, write, execute (4 + 2 + 1 = 7)
group: read, write, execute (4 + 2 + 1 = 7)
other: read (4)
What user is your web server running as? Are they in the group?
In general, I would take care to ensure that the Web server does not run
under a user context that has permission to modify the files it is serving.
That way, if someone manages to compromise your Web server software enough
to cause it to do their bidding, they won't be able to use it to deface your
pages.
--
Jonathan McPherson, LMIT/SD&I
Software Engineer & Web Systems Analyst
email / jonathan_a_mcpherson at rl dot gov
More information about the thelist
mailing list