Monday, November 23, 2009

Question: I have a file I can't read/write/execute with the user I want!

Bad advice:

  • Bad: "chmod 666 file" - This makes the file editable and destroyable by anyone.
  • Worse: "chmod 777 file" - This makes the file editable by anyone AND sets execute permissions for anyone. Fucking stupid. This means that any user can edit the file to do something malicious for the next user to (accidentally?) execute it.
  • Worst: "chmod 7777 file" - Also gives setuid and setgid permission. With this shining example of stupidity you've just given any user permission to fuck your machine up the ass, especially if the file is owned by root.

Good advice:

Make sure the file is owned by an appropriate user or group, and set permissions for that user or group. Create a new group if necessary.

I haven't yet found one example where 777 are the proper permissions for a file or directory.
("But /tmp and /var/tmp!?" I hear you cry. They have permissions 1777.)
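
The good advice above as a runnable sketch, next to a check that rates a mode the way the list does. This is an added example, not part of the original post: `classify_mode` and `share_with_group` are hypothetical helper names, the group and user names in the comments are constructed, and GNU `stat -c` is assumed.

```shell
# Added example; helper names are hypothetical, GNU coreutils stat is assumed.

# Rate an octal mode string (as printed by `stat -c %a`) the way the post does.
classify_mode() {
    m=$((0$1))                                   # leading 0: parse as octal
    if [ $((m & 02)) -eq 0 ]; then
        echo ok                                  # not world-writable
    elif [ $((m & 01000)) -ne 0 ] && [ $((m & 06000)) -eq 0 ]; then
        echo sticky                              # 1777, as on /tmp and /var/tmp
    elif [ $((m & 06000)) -ne 0 ]; then
        echo worst                               # world-writable plus setuid/setgid
    elif [ $((m & 0111)) -ne 0 ]; then
        echo worse                               # world-writable plus executable
    else
        echo bad                                 # world-writable only
    fi
}

# The fix: hand the file to a group and allow read/write for owner and group only.
# Creating the group and adding members needs root, for example:
#   groupadd webedit && usermod -aG webedit alice    (constructed names)
share_with_group() {
    file=$1
    group=$2
    chgrp "$group" "$file" && chmod 660 "$file"
    stat -c '%a %U:%G' "$file"                   # report resulting mode and owner:group
}

# Demo on a constructed temp file, using the caller's own primary group (no root needed).
f=$(mktemp) && chmod 666 "$f"
echo "before: $(stat -c %a "$f") -> $(classify_mode "$(stat -c %a "$f")")"
echo "after:  $(share_with_group "$f" "$(id -g)")"
echo "rated:  $(classify_mode "$(stat -c %a "$f")")"
rm -f "$f"
```

For a shared directory the same idea applies with `chmod 2770`, so new files inherit the group.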

ref: http://kreiger.linuxgods.com/kiki/?Bad+linux+advice
