Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'You should NEVER use 777' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
You should NEVER use 777
Authored by: sierratarn on Mar 15, '04 11:40:04AM

I'd be very careful about using the 777 permissions especially for something that you as the administrator or root user might run some day. 755 will instead give users the ability to execute without giving them write permissions. It would be trivial for any user to replace your newreboot binary with a shell script that would do some bad thing (cd /;rm -r *) that when you run as root will be bad. There should be no reason to use 777 for executables - its a bad bad idea. Use 755 instead! or 775 if you have a trusted group of people who need to administer the script. If you go the SUID rout it's an even worse idea as any user can then run the script and any do any evil they wish.



[ Reply to This | # ]
You should NEVER use 777
Authored by: sapridyne on Mar 15, '04 11:42:41AM

Cool -- good call. Thanks for the comment.



[ Reply to This | # ]
You should NEVER use 777--Try 555
Authored by: googoo on Mar 15, '04 11:46:16AM

If you check most executables in /sbin and elsewhere, the permissions are set to 555. This prevents even root from making changes without specifically enabling them.

-Mark



[ Reply to This | # ]
file permissions and flags
Authored by: sjk on Mar 15, '04 06:31:19PM

There are several ways root can modify a write-protected file without changing its permissions, such as with output redirection ("echo foo > file") or with a text editor (which may prompt to overwrite read-only permission).

You can set a file's immutable flag to keep it from being modified, moved, deleted or having its permissions changed. Setting a file's system immutable flag is the most extreme because it can only be unset when the system is in single-user mode.

The Locked checkbox in a Finder Info window sets/clears the user immutable flag. The chflags command can set/clear others.

See "man chflags" and "man 2 chflags" for basic info about the different file flags.

I don't recommend using these unless you *really* understand the possible consequences.



[ Reply to This | # ]