is it safe to set /var to chmod 777
Hello all, I want to install bbclone on my server. The software requires /var and all subdirectories to have 777 permissions. I wonder if it will be safe to do so. Thanks in advance.
Not really...
There is a lot of sensitive info in /var/run that shouldn't be readable by "any" user: pid files etc. And you certainly don't want write access there for the "nobody" user to place fake files. /var/spool/mail has email content. Read access isn't such a problem as the files have correct permissions, but world write access will allow possibly damaging files to be placed there. Usually 755 is a better permission for /var & subdirectories. Does bbclone still request 777 if it is run as "root"? I don't have these problems running mirrordir as root.
> is it safe to set /var [and all the sub dirs] to chmod 777
Not only no, but HELL, NO!!!!! Don't do this. Seriously. It is NOT required for bbclone to work. Review the installation notices for bbclone. They are talking about "bbclone's /var directory" (e.g. /var/www/bbclone/var); this is not the /var directory of your Linux box. And even there it's not necessary to give write permission to the world. It's the user that runs the webserver that needs to write files into that dir.
AND, you don't want to give world write access to ANY of the "log files" in /var/log either... the lamer script kiddies would have a field day messing with your head...
NO WAY!!!
This question has come up before about the very same software. I must say once again that I'm appalled by the extremely poor programming that the author of that program has done (or extremely poor documentation). His junk is just an instant hack waiting to happen on every server that is running it. The unfortunate thing is that many users are not aware enough to even question whether that is smart and they just follow the install documentation blindly. Kudos to carlosruiz for realizing something smelled fishy.
The only thing that's wrong with the docs is that they suggest chmod 666 where 664 or 644 should be sufficient provided the dir is owned by the user that runs the webserver.
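
An added example, not written by any poster in this thread and not bbclone's own code: a shell audit that lists world-writable entries under a tree (ignoring sticky directories such as /var/tmp) and then applies the 755/644 modes the replies recommend to an application data directory. The function names, the file names and the sample tree are constructed for illustration, and it assumes the data directory is already owned by the web server account.

```shell
#!/bin/sh
# Added example: audit a tree for world-writable entries, then tighten an
# application data directory. Function names and the sample tree are hypothetical.

# Print every world-writable entry under $1. Symlinks are skipped (their mode
# bits are not used) and so are sticky world-writable directories such as
# /var/tmp (mode 1777), where that mode is intentional.
find_world_writable() {
    find "$1" -xdev ! -type l -perm -0002 ! \( -type d -perm -1000 \) -print
}

count_world_writable() {
    find_world_writable "$1" | wc -l | tr -d ' '
}

# Apply the modes suggested in the replies to data directory $1: 755 on
# directories, 644 on files. Assumption: the tree is already owned by the
# account that runs the web server (chown needs root and is not done here).
tighten_data_dir() {
    find "$1" -xdev -type d -exec chmod 755 {} +
    find "$1" -xdev -type f -exec chmod 644 {} +
}

# Build a constructed sample tree in a temp dir and print its path. It imitates
# an application "var" directory that was opened up with 777/666, next to a
# legitimate sticky tmp directory. Runs in a subshell so umask does not leak.
make_sample_tree() (
    umask 022
    t=$(mktemp -d) || exit 1
    mkdir -p "$t/www/bbclone/var" "$t/tmp"
    : > "$t/www/bbclone/var/counter.dat"    # constructed file name
    : > "$t/www/bbclone/var/visitors.dat"   # constructed file name
    chmod 777 "$t/www/bbclone/var"
    chmod 666 "$t/www/bbclone/var/counter.dat"
    chmod 1777 "$t/tmp"
    printf '%s\n' "$t"
)
```

Running `find_world_writable /var` on a real system gives the list to review before and after any permission change.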