LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
LinkBack Search this Thread
Old 08-12-2005, 10:25 AM   #1
learnfast
Member
 
Registered: Mar 2005
Location: berlin
Distribution: Redhat 9, Fedora 3
Posts: 70

Rep: Reputation: 15
security considerations with 777 on shared host?


I've asked two of my Linux providers about this and neither have responded yet, so let me ask this here:

I have a shared hosting Linux environment (e.g. your normal $4.95 a month Linux account)
and let's say I need to give one directory 777 rights (everybody read/write/execute)
in order to use an SQLite database there or create dynamic PDFs or PHP5 files or whatever.

So, what are the security issues with this exactly?

1. Can OTHER people who have accounts at that shared hosting provider who also have SSH access, can THEY go over into my directory and read/create and delete files? If no, how is this actually prevented (when I create users on local Linux systems, every user can READ basically everywhere, even in /etc for instance).

2. What are the issues from OUTSIDE actually, i.e. via HTTP. I just basically need to make sure that no input from forms is going straight into the database or straight into files that could be created, etc. right?

3. Are there any other issues of setting directories to 777 in shared hosting environments?

4. What if I want a really flexible environment where my PHP files create PHP files on the fly including directories, etc. and I set my WHOLE website to 777. Is there any EXTRA security issues with this over and above setting ONE directory to 777?

Thanks.
 
Old 08-12-2005, 12:00 PM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,506

Rep: Reputation: 116Reputation: 116
Any file with 777 permissions will be readable, writable, and executable by ANY user on the system.
Any directory with 777 permissions will be readable, writable (files may be renamed/created/deleted) and browsable by ANY user on the system.

Yes, if your directory is 777, someone can delete or edit your files. If one of your PHP scripts is insecure, or one of THEIR PHP scripts is insecure, it is possible that data may be editable or deletable from the internet.

Check out this article for more information: http://www.zzee.com/solutions/linux-permissions.shtml
 
Old 08-13-2005, 12:17 PM   #3
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,039

Rep: Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952
But... it will be accessible to them only if they can get to it.

Most hosting-services are sensible enough to restrict all subscriber files to a single home-directory that is assigned uniquely to them. If your files are not accessible to others, the permissions that you assign to them are much less relevant.

Another factor is how other users would be able to reach them: can they get to a shell, or are they limited to http? If the latter, then what Apache will consent to do is a factor.

Nevertheless... you should assign them appropriately.
 
Old 08-13-2005, 01:59 PM   #4
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,506

Rep: Reputation: 116Reputation: 116
let's say I have SSH access on two accounts to a shared box: user1 and user2.

My html files are in /home/user1/public_html, owned by user user1, group users, permissions 755.

Why couldn't user2 just read the files?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Firewall considerations - 2 Dual boot PCs rickh Fedora 3 04-26-2005 10:06 PM
Server and 777 RodimusProblem Linux - Security 1 02-10-2005 07:12 PM
MS Office client - Linux host based shared calendar testerman Linux - Software 0 02-05-2004 09:42 AM
X Windows server security set back to host access on Slackware 9.1 Jerre Cope Slackware 0 10-14-2003 11:17 PM
chmod 777 /* ziggamon Linux - Newbie 2 09-25-2003 11:40 AM


All times are GMT -5. The time now is 11:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration