LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-29-2003, 02:42 AM   #1
carlosruiz
Member
 
Registered: Jul 2003
Location: Japan
Distribution: Mandrake
Posts: 53

Rep: Reputation: 15
is it safe to set /var to chmod 777


hello all, i want to install bbclone in my server, the software requires /var and all subdirectories to have 777 permissions, i wonder if it will be safe do do so. thanks in advance
 
Old 06-16-2004, 04:32 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Not really...

There is a lot of sensitive info in /var/run that shouldn't be readable by "any" user.. pid files etc
And you certainly don't want write access there for "nobody" user to place fake files..
/var/spool/mail has email content.. read access isn't such a problem as the files have correct permissions, but world write access will allow possibly damaging files to be placed there..

Usually 755 is a better permission for /var & subdirectories..

Does bbclone still request 777 if it is run as "root" ?

I don't have these problems running mirrordir as root..

Last edited by peter_robb; 06-16-2004 at 04:33 AM.
 
Old 06-16-2004, 03:26 PM   #3
demian
Member
 
Registered: Apr 2001
Location: Bremen, Germany
Distribution: Debian
Posts: 303

Rep: Reputation: 30
> is it safe to set /var [and all the sub dirs] to chmod 777

Not only no, but HELL, NO!!!!!

Don't do this. Seriously. It is NOT required for bbclone to work. Review the installation notices for bbclone. They are talking about "bbclone's /var directory" (eg /var/www/bbclone/var) this is not the /var directory of your linux box. And even there it's not necessary to give write permission to the world. It's the user that runs the webserver that needs to write files into that dir.
 
Old 06-16-2004, 03:37 PM   #4
320mb
Senior Member
 
Registered: Nov 2002
Location: pikes peak
Distribution: Slackware, LFS
Posts: 2,577

Rep: Reputation: 47
AND, you don't want to give world write access to ANY of the "log files"
in /var/log either............
the lamer script kiddies would have a field day messing with your
head..........
 
Old 06-17-2004, 03:30 AM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
NO WAY!!!

This question has come up before about the very same software. I must say once again that I'm appalled by the extremely poor proramming that the author of that program has done (or extremely poor documentation). His junk is just an instant hack waiting to happen on every server that is running it. The unfortunate thing is that many users are not aware enough to even question whether that is smart and they just follow the install documentaition blindly.

Kudos to carlosruiz for realizing something smelled fishy.

Last edited by chort; 06-17-2004 at 03:33 AM.
 
Old 06-17-2004, 05:57 AM   #6
demian
Member
 
Registered: Apr 2001
Location: Bremen, Germany
Distribution: Debian
Posts: 303

Rep: Reputation: 30
Quote:
Originally posted by chort
NO WAY!!!

This question has come up before about the very same software. I must say once again that I'm appalled by the extremely poor proramming that the author of that program has done (or extremely poor documentation).
Again: It is NOT NECESSARY for bbclone to work to set _any_ dir's permission to 777. And the docs are rather clear about this:

Quote:
from the FAQs:
You need to make counter[0-15].inc, .htalock, access.php and last.php in the var/ directory of your BBClone installation writable for the server, which is in most cases by applying chmod 666.
"in the var/ directory of your BBClone installation" != /var

The only thing that's wrong with the docs is that they suggest chmod 666 where 664 or 644 should be sufficient provided the dir is owned by the user that runs the webserver.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot set chmod for directory to 777 or 666 q.sa Linux - Software 6 07-19-2005 09:36 AM
Is it safe to chmod 777 Navaboy Slackware 4 03-24-2005 06:54 AM
CHMOD in shell : chmod 777 /usr/ <---is that right? cpanelskindepot Programming 5 07-16-2004 05:37 AM
is it safe to set /var to chmod 777 carlosruiz Linux - Security 4 12-31-2003 04:00 AM
accidently set "chmod -R 777 *".. need help? scorpatron Linux - General 10 12-05-2003 03:12 AM


All times are GMT -5. The time now is 09:33 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration