4

I know it's not good to use CHMOD 777, but is 775 as dangerous? Does it provide a backdoor to hackers as easily as 777?

1 Answers1

11

The difference between 777 and 775 is the writable attribute for the world-group. The big risk with 777 is that any user on your server can edit the file. 775 does not have this risk.

Don't erroneously assume that the "world writable" flag means everyone can write to the file - only the users on that server can. So on a private server, this poses less risk.

One of the biggest risks is that any script on the server now can write to the file - one "weak" script (known or discovered exploits) can compromise the entire server. If the file is 775, and the webserver-user (usually wwwrun with apache) is in the file's group, it can also write to the file. In this case 775 poses the same risks as 777...

Konerak
  • 435
  • 2
  • 18
  • 1
    An extra not to be careful of it directories with world-writeable permissions. Even with 000 permissions a file can be deleted (and then recreated with new content) by any user if the directory containing it is world-writeable. 000 stops *anybody* opening the file, but deleting it only requires permission to update the directory. – David Spillett May 21 '10 at 18:35
  • 1
    @David: I don't understand the first sentence of your comment. – Dennis Williamson May 21 '10 at 18:57
  • 1
    Sorry. That should have been "An extra *note* to be careful of *is* directories with world-writeable permissions". It has been a long week... – David Spillett May 21 '10 at 20:24