[thelist] Re: chmod 774
Tim Luoma
luomat at peak.org
Tue Jul 9 14:42:03 CDT 2002
Jonathan_A_McPherson at rl.gov wrote:
>>Does chmoding a web viewable directory 774 constitute a security risk?
>>
>>
>
>I think the proper spelling is "chmodding." (-;
>
>For you non-Unix folks out there, chmod 774 equates to
>
> user: read, write, execute (4 + 2 + 1 = 7)
>group: read, write, execute (4 + 2 + 1 = 7)
>other: read (4)
>
Note that the directory's contents would not be viewable to the "other"
group as the directory must be "executable" for that to happen.
711 (where 1 = execute only) is what is generally needed for web
directories, i.e. ~/public_html/, and 774 would render it unreadable to
the httpd.
>
>What user is your web server running as? Are they in the group?
>
Note that if this is on a shared server and there is shell access,
someone in your group could look at your website, compare it to the
standard directory for web files (i.e. ~/public_html/) and delete your
files.
I had someone on a shared server who wrote a script that looked at every
user's $HOME/public_html for writable directories and uploaded a file to
it. Fortunately he did not do something like:
    find . -print |xargs rm -rf
which would have totally hosed those of us who had mistakenly left
writeable directories about the place.
TjL
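
An audit for the two conditions raised in this thread, added here as an example and not part of the original post: directories that group or other can write to, and directories that lack the "other" execute bit and so cannot be traversed by a web server that is neither owner nor group member. The function names and the sample tree built by build_sample are hypothetical.

```shell
#!/bin/sh
# Added example: audit a web root for the permission problems discussed above.
# Uses only POSIX find tests (-perm -mode means "all of these bits are set").

# Directories writable by group or by other: anyone in the group (or any
# local user) can create or delete files inside them.
writable_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print | sort
}

# Directories without the "other" execute bit: a process that is neither
# the owner nor in the group cannot enter them, even if it may read them.
untraversable_dirs() {
    find "$1" -type d ! -perm -001 -print | sort
}

# Constructed sample tree with the modes mentioned in the thread.
build_sample() {
    root=$(mktemp -d) || return 1
    mkdir "$root/site774" "$root/site711" "$root/site755" || return 1
    chmod 774 "$root/site774"   # rwxrwxr--  group-writable, no x for other
    chmod 711 "$root/site711"   # rwx--x--x  traversable, not listable
    chmod 755 "$root/site755"   # rwxr-xr-x  traversable and listable
    chmod 711 "$root"           # keep the sample root itself out of the report
    printf '%s\n' "$root"
}

# Print both findings for a directory tree.
audit() {
    echo "group/other-writable directories:"
    writable_dirs "$1" | sed 's/^/  /'
    echo "directories with no execute bit for other:"
    untraversable_dirs "$1" | sed 's/^/  /'
}

# Run against a path given on the command line, e.g. sh audit.sh ~/public_html
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

In the sample tree only site774 is reported, and it appears in both lists.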