777 Permissions for /var/log/httpd

Is it OK to give 777 permissions for the folder /var/log/httpd, Are there any security issues giving this type of permissions.

We have PHP Code with Zend running on the server
sivaatluriAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gr8gonzoConsultantCommented:
No, 777 permissions are ALMOST never okay. Those permissions mean ANYONE can see the contents of that folder. The permissions should probably limited to 700 and the ownership of the folder should be set to the user that Apache is running as.

Knowledge is always the first step of security vulnerability, and allowing anyone to possibly know something that they shouldn't is a problem.

Sometimes even that simple thing is a way for someone to perform a social engineering attack ("Hey Bob, can you forward me the log file /var/log/httpd/error_log-2015-07-30.log?" - and Bob complies since he assumes the user must have some kind of legitimate permissions to be able to know about that file).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Seth SimmonsSr. Systems AdministratorCommented:
just looked at my apache install; default permission on the logs folder is 755
anyone can read; only the owner and root can write to it
gr8gonzoConsultantCommented:
@Seth - you may want to change that. At most, you might want it at 750 so members of the owned group can read the logs, too, but it's always better to limit access to information. Access restriction is a continual part of good data security.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.