What are the bad effects of having file permissions to 777? Like config.inc.php pages?

They are writable to anyone on a shared server :stickout:

Does it differ for VPS? Or is each provider different?

Dear,

As yupapa told they are writable to everyone. We feel that there won't be any difference for VPS and it is not recommended to give the permission 777.

Regards,
:)

It makes no difference. 0777 on any daddy servers with linux / unix O/S could be dangerous~ :penguin:

777 is bad, and there's no reason to do it. :)

Why would you want to do 777? Why not 755? at least? 644? I mean, there's very little reason for 777.

:) so ..is there any way to banning users from giving 777 to any folder ?
i mean ban my customers to give the 777 to any of their folders

thnx

y u need to ban them?
they may have their own reasons to chmod 0777
i once had a reseller a/c and i put some of my sites there both reading/writing to same set of files, since the user and group of those sites are different, i needed to chmod 0777 of some files

Originally posted by learnerman
:) so ..is there any way to banning users from giving 777 to any folder ?
i mean ban my customers to give the 777 to any of their folders

thnx

Don't think so~ chmod 0 /bin/chmod maybe ~ :stickout:
You can use suEXEC to avoid this problem so that apache is running as the actual uid of the user rather than (nobody / apache).


Originally posted by lwknet
y u need to ban them?
they may have their own reasons to chmod 0777
i once had a reseller a/c and i put some of my sites there both reading/writing to same set of files, since the user and group of those sites are different, i needed to chmod 0777 of some files

Sure, but then everyone is writable to your files ~
You can make the users' group same as your group so that only users within that group are writable to it. :)

Originally posted by YUPAPA
Don't think so~ chmod 0 /bin/chmod maybe ~ :stickout:
You can use suEXEC to avoid this problem so that apache is running as the actual uid of the user rather than (nobody / apache).




Sure, but then everyone is writable to your files ~
You can make the users' group same as your group so that only users within that group are writable to it. :)

i was just a reseller
;)

Normally multiple users should never need to write to the same file. Its a security hazard. For instance, say two users shared a web stats file of some type. One user could mess with the other users stuff. Whereas if they both had a file for themselves the only person they can screw over is themselves.

Originally posted by u2mike
Normally multiple users should never need to write to the same file. Its a security hazard. For instance, say two users shared a web stats file of some type. One user could mess with the other users stuff. Whereas if they both had a file for themselves the only person they can screw over is themselves.

i developed a baddly written script couple yrs ago which wrote stats for multiple websites hosted on the same server as i was a whm/cpanel reseller, it was my own responsibility if those files were overwritten/stolen by some other users, i fully ackownledged what i did, and it doesn't affect other users on the system, y ppl have to ban this?

I am not banning people who change mode to 0777, but it is their responsibilities if they files get messed up ~

If you haven't seen this, there are people who write scripts to change the index pages to hack pages. That is done by scanning bad file permissions and see if they are writable or not ~

In answer to learners question, there is no *need* to try to stop users from chmoding 777 anything.... because unless YOU (root) have an important (or dangerous) file *incorrectly* chmodded already, they cannot modify them. They can ONLY modify their own files. Let them chmod till their little hearts are content.
Then randomly delete their files for fun. :D
j/k

--PS

Sorry to bring this topic back up so late, but if I developed a small script that needed a CP, writing to a config.inc.php file would be nice. This is probably not going to be a good idea then?

Second, does 777 folders make much of a diff? I need to upload stuff like avatars for forums, and some other images. Can others get into the folder and delete/add stuff?

Thanks

Making the directory 777 makes the folder writable to everyone.
Depending on who owns the file under the writable directory, if it is owned by the uid the http server running as (e.g apache / nobody), they may be able to remove it with their own scripts.

Sorry if I am a bit stupid to still dont pick it.

just a couple of questions,

1, I am using Image File upload PHP script.
using move_uploaded_file

Doesnt that strictly need 0777 rather than 0755?
or there is a way around it.

2, YUPAPA Making the directory 777 makes the folder writable to everyone.

Everyone means every user on shared server, OR any other PHP script on any other web server using fwrite(myserver/myfile)

Cheers