Thread: Chmod 777

    #1
  1. No Profile Picture
    All round clown
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2000
    Posts
    21
    Rep Power
    0
    This isn't really an Apache sepcific question, but I was wondering about the following :

    If you run a script on a server, which writes to a text file, and you have to chmod 777 the directory, is that a security hazard. This particular sever is Apache. Could someone write commands to the text file and execute it ??
  2. #2
  3. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>Could someone write commands to the text file and execute it ??

    If apache isn't run as suEXEC, then everyone on the same server can always rwx to your file even if you htpasswd protecting your files given you yourself have permission for such file.
  4. #3
  5. No Profile Picture
    All round clown
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2000
    Posts
    21
    Rep Power
    0
    <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>Originally posted by freebsd:
    >>Could someone write commands to the text file and execute it ??

    If apache isn't run as suEXEC, then everyone on the same server can always rwx to your file even if you htpasswd protecting your files given you yourself have permission for such file.
    [/quote]

    Thanks for the reply. I'm not really worried about other users of the server who have legit access, just people outside the "Network". I am looking to swap it over to a database quite soon, as the text file which store the "news" will grow far too large.

    Thanks again.
  6. #4
  7. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>just people outside the "Network"

    Then don't worry about it.

IMN logo majestic logo threadwatch logo seochat tools logo