Hello all, I want to install bbclone on my server. The software requires /var and all subdirectories to have 777 permissions, and I wonder if it will be safe to do so. Thanks in advance.
There is a lot of sensitive info in /var/run that shouldn't be readable by "any" user.. pid files etc
And you certainly don't want write access there for "nobody" user to place fake files..
/var/spool/mail has email content.. read access isn't such a problem as the files have correct permissions, but world write access will allow possibly damaging files to be placed there..
Usually 755 is a better permission for /var & subdirectories..
Does bbclone still request 777 if it is run as "root" ?
I don't have these problems running mirrordir as root..
Last edited by peter_robb; 06-16-2004 at 04:33 AM.
> is it safe to set /var [and all the sub dirs] to chmod 777
Not only no, but HELL, NO!!!!!
Don't do this. Seriously. It is NOT required for bbclone to work. Review the installation notices for bbclone. They are talking about "bbclone's /var directory" (eg /var/www/bbclone/var) this is not the /var directory of your linux box. And even there it's not necessary to give write permission to the world. It's the user that runs the webserver that needs to write files into that dir.
AND, you don't want to give world write access to ANY of the "log files" in /var/log either............
the lamer script kiddies would have a field day messing with your head..........
NO WAY!!!
This question has come up before about the very same software. I must say once again that I'm appalled by the extremely poor programming that the author of that program has done (or extremely poor documentation). His junk is just an instant hack waiting to happen on every server that is running it. The unfortunate thing is that many users are not aware enough to even question whether that is smart and they just follow the install documentation blindly.
Kudos to carlosruiz for realizing something smelled fishy.
> This question has come up before about the very same software. I must say once again that I'm appalled by the extremely poor programming that the author of that program has done (or extremely poor documentation).
Again: It is NOT NECESSARY for bbclone to work to set _any_ dir's permission to 777. And the docs are rather clear about this:
Quote:
from the FAQs:
You need to make counter[0-15].inc, .htalock, access.php and last.php in the var/ directory of your BBClone installation writable for the server, which is in most cases by applying chmod 666.
"in the var/ directory of your BBClone installation" != /var
The only thing that's wrong with the docs is that they suggest chmod 666 where 664 or 644 should be sufficient provided the dir is owned by the user that runs the webserver.
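
The advice in the replies above, as an added shell example that is not part of any poster's message or of BBClone's own code: one function lists world-writable entries under a tree, the other tightens only the data files named in the FAQ inside BBClone's own var/ directory and refuses the system /var. The function names, the example path /var/www/bbclone/var and the user www-data are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, paths and the web
# server user name are assumptions for illustration.

# Print world-writable files and directories under a tree.
# Sticky-bit directories (mode 1777, like /tmp) are skipped.
list_world_writable() {
    find "$1" -xdev \( \( -type f -perm -0002 \) -o \
        \( -type d -perm -0002 ! -perm -1000 \) \) -print
}

# Tighten BBClone's own var/ directory (not the system /var).
#   $1 = BBClone var/ directory, e.g. /var/www/bbclone/var
#   $2 = optional web server user to chown to (needs root), e.g. www-data
tighten_bbclone_var() {
    dir=$1
    owner=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    real=$(cd "$dir" && pwd -P) || return 1
    # Refuse the system /var, which is the mix-up this thread is about.
    if [ "$real" = /var ] || [ "${dir%/}" = /var ]; then
        echo "refusing to touch the system /var" >&2
        return 1
    fi
    if [ -n "$owner" ]; then
        chown "$owner" "$dir" || return 1
    fi
    chmod 755 "$dir" || return 1
    # Only the data files named in the BBClone FAQ get touched:
    # 644 (owner-writable) instead of the documented 666.
    for f in "$dir"/counter*.inc "$dir/.htalock" "$dir/access.php" "$dir/last.php"; do
        # Skip unmatched globs, missing files and symlinks.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            continue
        fi
        if [ -n "$owner" ]; then
            chown "$owner" "$f" || return 1
        fi
        chmod 644 "$f" || return 1
    done
    return 0
}
```

Running `list_world_writable /var` before and after any install step shows whether a script or a misread instruction has opened something up.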