LinuxQuestions.org


carlosruiz 12-29-2003 02:42 AM

is it safe to set /var to chmod 777
 
Hello all, I want to install bbclone on my server. The software requires /var and all subdirectories to have 777 permissions; I wonder if it will be safe to do so. Thanks in advance.

peter_robb 06-16-2004 04:32 AM

Not really...

There is a lot of sensitive info in /var/run that shouldn't be readable by "any" user.. pid files etc
And you certainly don't want write access there for "nobody" user to place fake files..
/var/spool/mail has email content.. read access isn't such a problem as the files have correct permissions, but world write access will allow possibly damaging files to be placed there..

Usually 755 is a better permission for /var & subdirectories..

Does bbclone still request 777 if it is run as "root" ?

I don't have these problems running mirrordir as root..

demian 06-16-2004 03:26 PM

> is it safe to set /var [and all the sub dirs] to chmod 777

Not only no, but HELL, NO!!!!!

Don't do this. Seriously. It is NOT required for bbclone to work. Review the installation notices for bbclone. They are talking about "bbclone's /var directory" (eg /var/www/bbclone/var) this is not the /var directory of your linux box. And even there it's not necessary to give write permission to the world. It's the user that runs the webserver that needs to write files into that dir.

320mb 06-16-2004 03:37 PM

AND, you don't want to give world write access to ANY of the "log files"
in /var/log either............
the lamer script kiddies would have a field day messing with your
head..........

chort 06-17-2004 03:30 AM

NO WAY!!!

This question has come up before about the very same software. I must say once again that I'm appalled by the extremely poor programming that the author of that program has done (or extremely poor documentation). His junk is just an instant hack waiting to happen on every server that is running it. The unfortunate thing is that many users are not aware enough to even question whether that is smart and they just follow the install documentation blindly.

Kudos to carlosruiz for realizing something smelled fishy.

demian 06-17-2004 05:57 AM

> Originally posted by chort
> NO WAY!!!
>
> This question has come up before about the very same software. I must say once again that I'm appalled by the extremely poor programming that the author of that program has done (or extremely poor documentation).

Again: It is NOT NECESSARY for bbclone to work to set _any_ dir's permission to 777. And the docs are rather clear about this:

> from the FAQs:
> You need to make counter[0-15].inc, .htalock, access.php and last.php in the var/ directory of your BBClone installation writable for the server, which is in most cases by applying chmod 666.
"in the var/ directory of your BBClone installation" != /var

The only thing that's wrong with the docs is that they suggest chmod 666 where 664 or 644 should be sufficient provided the dir is owned by the user that runs the webserver.
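
The conclusion the thread reaches, as an added example that is not from any poster or from BBClone: audit a tree for world-writable entries and tighten the application's own var/ directory instead of the system /var. The function names, the optional owner argument and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; paths, names and the sample tree are constructed assumptions.

# List world-writable entries under $1: regular files with o+w, and
# directories with o+w but no sticky bit (1777 dirs like /var/tmp are the
# normal exception on a Linux system).
list_world_writable() {
    find "$1" -xdev \( \( -type f -perm -0002 \) -o \
        \( -type d -perm -0002 ! -perm -1000 \) \) -print
}

# Tighten the application's own var/ directory: directories 755, data files
# 644, optionally chown'ed to the web server account ($2, needs root).
tighten_app_var() {
    dir=$1
    owner=${2:-}
    case "$dir" in
        /var|/var/) echo "refusing: $dir is the system /var" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    if [ -n "$owner" ]; then chown -R "$owner" "$dir" || return 1; fi
    find "$dir" -xdev -type d -exec chmod 755 {} + &&
        find "$dir" -xdev -type f -exec chmod 644 {} +
}

# Constructed stand-in for /var/www/bbclone/var, set up the insecure way.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/var"
    for f in counter0.inc .htalock access.php last.php; do : > "$d/var/$f"; done
    chmod 777 "$d/var"
    chmod 666 "$d/var"/* "$d/var/.htalock"
    echo "before: $(list_world_writable "$d/var" | wc -l) world-writable"
    tighten_app_var "$d/var"
    echo "after:  $(list_world_writable "$d/var" | wc -l) world-writable"
    rm -rf "$d"
}
demo
```

Running `list_world_writable /var` on a real host is a read-only check; anything it prints deserves a look before any permissions are changed.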

