chmod Question

[theboywhogotlost]

Is it potentially dangerous to have a file chmod'ed 777 OR -rwxrwxrwx Even if it is in a directory that is chmod'ed 775 OR drwxrwxr-x .

Is the following file or directories dangerous, say I have
DIR/DIR2/File
DIR = drwxrwxr-x
DIR2 = drwxrwxrwx
File = -rwxrwxrwx

If it is Dangerous what can someone do with it.
How would they do it.

incase you want to know the world has access to that dir and file.

 

[Haden]

777 on file will give write permissions to all (other), parent directory with 775 won't impact this (thought other can't write new files in this dir).

 

[theboywhogotlost]

So I have a the following file on the web
/DIR/DIR2/File
DIR = drwxrwxr-x
DIR2 = drwxrwxrwx
File = -rwxrwxrwx

How would somone on the out side write to it? they can't through telnet because when they try to acess domain.com they are promted to give a username and pass same with ftp.

 

[skyking]

web serving software needs to only read the file.
The rule about permissions is quite simple. use the absolute minimum that you need, and if you need to chmod something all the way to 777 for it to work, then you need to examine the process carefully.
About the only thing I'll chmod to 777 is the public folder on a samba share.

 

[theboywhogotlost]

Yes I realize I should not chmod somthing 777 but how could somone tamper with the file?

 

[Kilrsat]

Originally posted by: theboywhogotlost
Yes I realize I should not chmod somthing 777 but how could somone tamper with the file?

A malfunctioning or poorly written cgi/php script is one of the easiest ways, or a misconfigured ftp server that allows anonymous access.

Just browsing html static pages, internet users don't have a direct way to fiddle with your files. However configuration mistakes or poorly written non-static items can lead to risks.

 

[theboywhogotlost]

Thanks ya'll