Web Hosting Talk

Chmod 777


hypernatic.net
02-24-2002, 09:30 AM
Question,

1 = execute
2 = write
4 = read

so 4+2=6 is read and write, etc...

Now, 777 --> User:Group:Web
My question,
when I chmod a file 777, what exactly is the difference between 777 and 770? Or something like that?

Any security issues?
with 777 can only scripts on my server edit the file or also any internet user ...??

(only talking about http here)

Tim Greer
02-24-2002, 09:59 AM
Example: chmod 0777

0-7-7-7

Sticky bit-user-group-other.

"other" is everyone on the system, other than the user themselves.

770 would mean read, write and execute permissions for the user and the group the file or directory belongs to. 7=user, 7=group, 0=other. 0=no permissions, and therefore no permissions for everyone else. 777 = _world_ readable, writable and executable. I.e., user A doesn't like user B -- you can guess what user A can do to user B, seeing that user A has permission to do anything that they want with user B's file/directory. This _can_ depend, and also depend on sticky bits, but I won't get into that here and now. (i.e., take a look at the permissions of your /tmp directory. Anyone can read, write to it, etc., but only the user themselves can modify or delete (or read) the file in question, if the permissions are set correctly, due to the sticky bit).

perpetual
02-24-2002, 10:12 AM
777 and 770 have a HUGE difference. The 0 means that your file will not be readable, writeable OR executable.

Just to explain this a bit more clearly

user = you
group = usually just you in the group for web accounts but this is normally used for project groups so you can share project files.
others = everyone else (not you or users in group. ie. the internet community)

You will see this format when you type ls -l for a file

rwx rwx rwx

Now Unix likes using bits to represent things to save space. Permissions are represented in binary notation, so rwx = 111, which in base 10 notation means 2^2+2^1+2^0 = 4+2+1 = 7

so 101 = 5, which means readable and executable, etc., etc.

Now with 777 this means that ANYONE with access to the server can write to the file. I would definitely not recommend this!

Tim Greer
02-24-2002, 10:21 AM
Originally posted by perpetual


[SNIP]

Now with 777 this means that ANYONE with access to the server can write to the file. I would definitely not recommend this!

Good points, and good advice. However, I'm sure this user, like many others, is on a web server or has a web server that runs CGI (as a global user), which usually brings in the permissions issue. You're aware of this, I'm sure, but I am posting this for the original poster's benefit. My advice in light of that fact, if you need a script to create, write to or read a file, is to use a CGI wrapper that will run as your UID (user ID) user and GID (Group ID) group. You can then restrict the permissions properly, and use that aspect of Unix to be the way it's _supposed_ to be and another reason why Unix variants are so good. Again, permissions are a _good_ thing, as long as they are used properly. Hopefully you can run a CGI wrapper or something to emulate it to avoid this issue.
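
Added example (not part of any post in this thread): a small POSIX shell script that decodes an octal mode into the user/group/other triplets discussed above, and lists files under a directory that "other" can write, leaving out directories that carry the sticky bit the way /tmp does. The function names triplet, explain_mode and world_writable are made up for this example.

```shell
#!/bin/sh
# Added example: decode chmod modes and audit a tree for "other"-writable files.

# One octal digit -> rwx triplet (4 = read, 2 = write, 1 = execute).
triplet() {
    t=""
    if [ $(( $1 & 4 )) -ne 0 ]; then t="${t}r"; else t="${t}-"; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then t="${t}w"; else t="${t}-"; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then t="${t}x"; else t="${t}-"; fi
    printf '%s' "$t"
}

# explain_mode 770 prints "user=rwx group=rwx other=---".
# A fourth leading digit (setuid/setgid/sticky) is accepted and ignored here.
explain_mode() {
    case $1 in
        ''|*[!0-7]*) echo "invalid octal mode: $1" >&2; return 1 ;;
    esac
    n=$(( 0$1 ))   # the leading 0 makes the shell read the digits as octal
    printf 'user=%s group=%s other=%s\n' \
        "$(triplet $(( (n >> 6) & 7 )))" \
        "$(triplet $(( (n >> 3) & 7 )))" \
        "$(triplet $(( n & 7 )))"
}

# world_writable DIR lists every path under DIR whose "other" write bit is set.
# Symlinks are skipped (their own mode is not what gets checked on access),
# and so are sticky directories, where only a file's owner may delete it.
world_writable() {
    find "$1" ! -type l -perm -0002 ! \( -type d -perm -1000 \) -print
}

# Stand-alone use: sh thisscript.sh /path/to/webroot
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    world_writable "$1"
fi
```

Anything this prints for a shared web root is a file that every other account on the server can modify; tightening it to 770 or less is only workable once scripts run under the owner's UID, as with the CGI wrapper suggested above.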