Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 08-12-2005, 10:25 AM   #1
Registered: Mar 2005
Location: berlin
Distribution: Redhat 9, Fedora 3
Posts: 70

Rep: Reputation: 15
security considerations with 777 on shared host?

I've asked two of my Linux providers about this and neither have responded yet, so let me ask this here:

I have a shared hosting Linux environment (e.g. your normal $4.95 a month Linux account)
and let's say I need to give one directory 777 rights (everybody read/write/execute)
in order to use an SQLite database there or create dynamic PDFs or PHP5 files or whatever.

So, what are the security issues with this exactly?

1. Can OTHER people who have accounts at that shared hosting provider who also have SSH access, can THEY go over into my directory and read/create and delete files? If no, how is this actually prevented (when I create users on local Linux systems, every user can READ basically everywhere, even in /etc for instance).

2. What are the issues from OUTSIDE actually, i.e. via HTTP. I just basically need to make sure that no input from forms is going straight into the database or straight into files that could be created, etc. right?

3. Are there any other issues of setting directories to 777 in shared hosting environments?

4. What if I want a really flexible environment where my PHP files create PHP files on the fly including directories, etc. and I set my WHOLE website to 777. Is there any EXTRA security issues with this over and above setting ONE directory to 777?

Old 08-12-2005, 12:00 PM   #2
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 124Reputation: 124
Any file with 777 permissions will be readable, writable, and executable by ANY user on the system.
Any directory with 777 permissions will be readable, writable (files may be renamed/created/deleted) and browsable by ANY user on the system.

Yes, if your directory is 777, someone can delete or edit your files. If one of your PHP scripts is insecure, or one of THEIR PHP scripts is insecure, it is possible that data may be editable or deletable from the internet.

Check out this article for more information:
Old 08-13-2005, 12:17 PM   #3
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3165Reputation: 3165Reputation: 3165Reputation: 3165Reputation: 3165Reputation: 3165Reputation: 3165Reputation: 3165Reputation: 3165Reputation: 3165Reputation: 3165
But... it will be accessible to them only if they can get to it.

Most hosting-services are sensible enough to restrict all subscriber files to a single home-directory that is assigned uniquely to them. If your files are not accessible to others, the permissions that you assign to them are much less relevant.

Another factor is how other users would be able to reach them: can they get to a shell, or are they limited to http? If the latter, then what Apache will consent to do is a factor.

Nevertheless... you should assign them appropriately.
Old 08-13-2005, 01:59 PM   #4
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 124Reputation: 124
let's say I have SSH access on two accounts to a shared box: user1 and user2.

My html files are in /home/user1/public_html, owned by user user1, group users, permissions 755.

Why couldn't user2 just read the files?


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Firewall considerations - 2 Dual boot PCs rickh Fedora 3 04-26-2005 10:06 PM
Server and 777 RodimusProblem Linux - Security 1 02-10-2005 07:12 PM
MS Office client - Linux host based shared calendar testerman Linux - Software 0 02-05-2004 09:42 AM
X Windows server security set back to host access on Slackware 9.1 Jerre Cope Slackware 0 10-14-2003 11:17 PM
chmod 777 /* ziggamon Linux - Newbie 2 09-25-2003 11:40 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:01 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration