Go Job Hunting at the LQ Job Marketplace
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 04-14-2010, 02:35 PM   #1
LQ Newbie
Registered: Dec 2002
Location: Athens, Ohio USA
Distribution: Fedora Core 1,5,6
Posts: 13

Rep: Reputation: 0
Smile Apache security question: chmod 777 vs usermod -a -G

I debated asking this in the newbie forum. However, it deals more with security, so here it goes...

Which is the better practice for allowing the web server (user apache, group apache) to write / delete files in a user's directory (user jones, group jones). Lets say, the directory in question is called "cache".

should I do the following
chmod 777 cache
OR... should I add the web sever (user apache, group apache) to the "jones" group via the command:

usermod -a -G jones apache
Also, if I do let apache join the jones group, and there is directory is called "cache" where I want apache and jones to be able to write and delete files, should I set the permissions to that directory to 664 or 755.

They both work. Which is more secure.

Thanks in advance.

- mrb3k
Old 04-14-2010, 03:12 PM   #2
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Definitely the latter. You don't want to have to worry about world writeable files or directories on your system. They will give you a serious headache one day.

Make the /cache/ directory owned by apache:jones, add apache to the jones group (assuming that won't introduce other security problems for you), and then put the guid bit on the /cache/ directory (so that group ownership always defaults to jones for new files).

# chmod 2770 cache
1 members found this post helpful.
Old 04-18-2010, 09:53 AM   #3
Registered: Apr 2009
Location: Perth, Australia
Distribution: Ubuntu/CentOS
Posts: 208

Rep: Reputation: 50
Or if Jones doesn't want apache to have access to all of his things:
Create a new group called jonescache (or something similar)
Join both jones and apache to that group
Set the group ownership of cache/ to the new group
Set the guid bit on the folder

Last edited by SuperJediWombat!; 04-18-2010 at 09:56 AM.
Old 08-27-2010, 01:11 AM   #4
LQ Newbie
Registered: Aug 2010
Posts: 2

Rep: Reputation: 0
The usermod -a -G is more secure than the chmod 777. There is no need to maintain the writable files and directories in the second option.


apache, chmod, permissions, security, usermod

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Why doesn't chmod -R 777 works? Snouser Linux - General 9 09-04-2008 06:39 PM
chmod 777 664 zerocool22 Linux - Server 7 06-03-2008 07:58 AM
Is it safe to chmod 777 Navaboy Slackware 4 03-24-2005 07:54 AM
CHMOD in shell : chmod 777 /usr/ <---is that right? cpanelskindepot Programming 5 07-16-2004 06:37 AM
chmod 777 /* ziggamon Linux - Newbie 2 09-25-2003 12:40 PM

All times are GMT -5. The time now is 04:31 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration