Re: Security risks in setting public_html to 777?
From: Steve Wolfe (unt_at_see.signature.com)
Date: Thu, 1 Apr 2004 11:53:22 -0700
> I'm running a web server, and I want some CGI scripts to be able to
> create files and directories in public_html. To do this, I need to set
> permissions for public_html to 777. Are there any security risks in
> doing this?
Yes, there certainly are. However, chances are that you don't really
need them set to 777.
The first 7 is fine. And the second 7 is *probably* fine. But the
third 7? You'll only need that if the web server is running as a user
*other* than the owner of the directories. There are usually ways to fix
that - as an example, with Apache, suexec can be used to let the cgi apps
run as an appropriate user, not as "apache", "nobody", or whatever your
apache runs as.