LinuxQuestions.org
04-14-2010, 01:35 PM   #1
mrbinky3000
Apache security question: chmod 777 vs usermod -a -G


I debated asking this in the newbie forum. However, it deals more with security, so here it goes...

Which is the better practice for allowing the web server (user apache, group apache) to write / delete files in a user's directory (user jones, group jones)? Let's say the directory in question is called "cache".

Should I do the following:
Code:
chmod 777 cache
OR... should I add the web server (user apache, group apache) to the "jones" group via the command:

Code:
usermod -a -G jones apache
Also, if I do let apache join the jones group, and there is a directory called "cache" where I want apache and jones to be able to write and delete files, should I set the permissions on that directory to 664 or 755?

They both work. Which is more secure?

Thanks in advance.

- mrb3k
 
04-14-2010, 02:12 PM   #2
anomie
Definitely the latter. You don't want to have to worry about world writeable files or directories on your system. They will give you a serious headache one day.

Make the /cache/ directory owned by apache:jones, add apache to the jones group (assuming that won't introduce other security problems for you), and then put the guid bit on the /cache/ directory (so that group ownership always defaults to jones for new files).

# chmod 2770 cache
 
04-18-2010, 08:53 AM   #3
SuperJediWombat!
Or if Jones doesn't want apache to have access to all of his things:
Create a new group called jonescache (or something similar)
Join both jones and apache to that group
Set the group ownership of cache/ to the new group
Set the guid bit on the folder

Last edited by SuperJediWombat!; 04-18-2010 at 08:56 AM.
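
An added example, not part of any poster's reply: a small audit for the setup described in replies #2 and #3, runnable without root. `check_shared_dir` is a hypothetical helper, the demo directory is constructed, and the root-side commands appear only as comments.

```shell
#!/bin/sh
# Added example, not from the thread. check_shared_dir is a hypothetical helper.
# Root-side setup the replies describe (group name from reply #3), for reference:
#   groupadd jonescache
#   usermod -a -G jonescache jones; usermod -a -G jonescache apache
#   chgrp jonescache cache; chmod 2770 cache

# Audit DIR: setgid + group rwx on DIR, nothing under it writable by "other".
# Prints findings; returns 0 when no FAIL was found, 1 otherwise.
check_shared_dir() {
    dir=$1; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    # -prune limits these two tests to DIR itself.
    [ -n "$(find "$dir" -prune -perm -2000)" ] ||
        { echo "FAIL: setgid bit missing on $dir"; rc=1; }
    [ -n "$(find "$dir" -prune -perm -0070)" ] ||
        { echo "FAIL: group lacks rwx on $dir"; rc=1; }
    # The chmod 777 case: DIR or anything inside writable by every local user.
    ww=$(find "$dir" ! -type l -perm -0002)
    [ -z "$ww" ] || { printf '%s\n' "$ww" | sed 's/^/FAIL: world-writable: /'; rc=1; }
    # Files created under a umask like 022 are not group-writable: the other
    # group member can delete them (DIR is g+w) but cannot modify them.
    ro=$(find "$dir" -type f ! -perm -0020)
    [ -z "$ro" ] || printf '%s\n' "$ro" | sed 's/^/WARN: not group-writable: /'
    return "$rc"
}

# Demo on a constructed temp directory standing in for jones's cache/.
demo=$(mktemp -d) && mkdir "$demo/cache"
chmod 777 "$demo/cache"
check_shared_dir "$demo/cache" || :          # two FAIL lines
chmod 2770 "$demo/cache"
( umask 022; : > "$demo/cache/page.html" )   # file written under umask 022
check_shared_dir "$demo/cache" || :          # one WARN line, no FAIL
rm -rf "$demo"
```

The WARN case depends on the umask of whichever process writes the file, which the directory mode alone does not control.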
 
08-27-2010, 12:11 AM   #4
jennypatel
The usermod -a -G is more secure than the chmod 777. There is no need to maintain the writable files and directories in the second option.
 
  


Tags
apache, chmod, permissions, security, usermod

