LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page 777 Dir on Webserver
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-10-2006, 04:58 AM   #1
ALInux
Member
 
Registered: Nov 2003
Location: Lebanon
Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1
Posts: 676
Blog Entries: 7

Rep: Reputation: 32
777 Dir on Webserver

Hi
Ive read alot about webserver directories not being save if you set them to 777, but I cant figure out how that could be of any harm if there is no shell access or if there are no upload script "php" or whatsoever that uploads and writes directly to that directory. I know I missed something here and there are propably a couple of other ways around. But I still wonder what could actually be done..

Note: No Iam not trying to hack anyone..
 
Old 08-10-2006, 07:35 AM   #2
Panagiotis_IOA
Member
 
Registered: Jan 2006
Location: Hellas, Europe
Distribution: Slackware 12
Posts: 238

Rep: Reputation: 32
Hm... I had the same thought in the past as well because I had to take a over an issuse like that. Well, if the permissions are 777 then everybody who will be able to log in the server, as any kind of user, will have the right to do anything he wants to your files. Basically this can easily happen if there are various accounts on a web server and the users can "walk" from one directory to the other. For example, at my university we have space on a Unix system to upload our web pages. To the same server can log in all the students of the School of Computing. Having permissions as 777 to my files they are allowed to do everything they want.
That is all as far as I know. If there any other reasons I'd like to hear them.
 
Old 08-10-2006, 09:21 AM   #3
ALInux
Member
 
Registered: Nov 2003
Location: Lebanon
Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1
Posts: 676

Original Poster
Blog Entries: 7

Rep: Reputation: 32
Interesting information, so this also implies shell access, I wonder is someone can shed more light on that issue..
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Q. moving /bin dir files to /dev dir?? Texas_student Linux - Software 2 03-26-2006 11:42 PM
Share configuratin dir (.dir) for 3 accounts on local computer LiNuXkOlOnIe Linux - Software 5 01-08-2006 03:36 AM
howto make a dir shared that is not in my home dir Schmurff Linux - Newbie 2 06-19-2004 07:54 PM
krecipes and ./configure -with-qt-dir=DIR disco rugby Linux - Software 4 06-13-2004 09:06 PM
Can't see WebServer from outside... Can see WebServer locally as http://localhost friddick Linux - Networking 13 08-19-2003 06:27 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:23 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration