chmod 777 drawbacks

I want to create a PHP script that users can upload an image (logo) into some directory.... well anyways long story short...

the only way that I seem to be able to create this upload script is by setting the images folder to chmod 777

is there any drawbacks to having a folder on the internet with those permission settings?

paradox814

Posting Whiz

351 posts since Oct 2004

Reputation Points: 13

Solved Threads: 4

6 Years Ago

CHMOD 777 means anyone with a user account on the server can read, write, or execute any file within the folder. I would not do this if this is a shared server, because any other user account could edit the files. I am not sure what security concerns are involved with this as far as hacking into the server goes.

cscgal

The Queen of DaniWeb

Administrator

19,421 posts since Feb 2002

Reputation Points: 1,474

Solved Threads: 229

6 Years Ago

Well, as Dani said anyone with an account could write to the machine, this doesn't only limit it to users, web scripts also have access to 'an account' via the anonymous web user, which could cause several security concerns.

If you are running a php script, it is highly recommended that you leave no folder 777 except /tmp. Even then you want to be sure that the /tmp directory is on it's own partition, and is mounted with the no-exec flag to prevent people from running malicious programs such as IRC Bots, or worse rootkits, on your machine.

There are litterally hundreds of reasons why you would not keep the directory 777, however I'll leave it at the reasons mentioned for now.

blud

Linux Reject

Staff Writer

830 posts since Apr 2004

Reputation Points: 154

Solved Threads: 20

This article has been dead for over three months

You