777 is a Security Problem?

Forum Moderators: coopster

Message Too Old, No Replies

777 is a Security Problem?

ashii

8:57 am on Jun 22, 2006 (gmt 0)

I have developed a PHP script that users can install on their servers.The script require them to create a subfolder "myfiles" and assign 755 or 777 permission because script need to write some files (plain text files)inside that folder.

I want to know if this will cause a security Problem with my users servers?

Plesae advice

omoutop

11:16 am on Jun 22, 2006 (gmt 0)

777 gives read/write/execute permission to anyone (person or script), so yeah it is a risk to take.

If you want to run your script, modify it...
chmod() at start to 777
// execute script
chmod() to prev status (possible to 644?)

FiRe

3:37 pm on Jun 22, 2006 (gmt 0)

777 gives read/write/execute permission to anyone (person or script), so yeah it is a risk to take.

That is assuming the user somehow gains access to the server, doesnt mean jut anyone can delete your files ;-)

delboy1978uk

4:25 pm on Jun 22, 2006 (gmt 0)

dont konw if i am right here but surely the scripting is actually done by your server, like in the way apache will connect to your mysql, so i dont think its that much of a risk like the previous guy said

eeek

8:11 pm on Jun 23, 2006 (gmt 0)

You should be able to make the directory writable only by the user that the web server runs under.