@reikoNeko
Created August 18, 2017 18:00
I received the following comment from a web developer after I told him I wouldn't make his volatile files directory chmod 777 so Apache could write to it.
"777 tends to scare sys admins, so I understand."
Here's my response:
"Yes, it scares us and it should scare you.
"Think of your account like an apartment. If you set your permissions to 777, anyone who can get into the building (onto the server) can make changes: raid your fridge, steal your cat, replace your pillows, or plant evidence pointing to a crime you didn't commit. Even if they did none of those things, you can get skeeved out by the possibility.
"So you have your personal account, and then you're a member of the project group: you have the key to the project's apartment, because you're the (interior) designer. Of course the owner has a key, but no one else gets in without an invitation.
"You and the owner have given Apache (your publicist) access to show off your work, and now there's a part where you need to let Apache make changes on your orders. So, do you want just Apache to take ownership of the files directory, or do you want to leave the doors wide open to anyone who wanders by? The latter, that's 777. Maybe nothing happens, maybe everything happens, because when you give everyone on the server write access to a directory, everything can.
"Signed,
"The Super"
So while you're justifiably freaking out about things that shouldn't exist in 2017 but still do, there's also this.
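For anyone who wants the apartment analogy in shell form, here is an added example (not part of the original gist): one function finds directories that everyone on the server can write to, and one swaps 777 for owner-plus-group access. The function names and the web server group name are assumptions; check which group Apache runs as on your system.

```shell
#!/bin/sh
# Added example, not from the original gist. Function names are hypothetical.
# Usage once sourced:  find_world_writable /path/to/project
#                      lock_down /path/to/project/files apache

# Print every directory under $1 whose "other" write bit is set,
# i.e. every door left open to anyone who can log in to the server.
find_world_writable() {
    find "$1" -type d -perm -0002 -print
}

# Replace 777 on a volatile files directory with owner + group access only.
# $1 = directory
# $2 = (optional) group the web server runs as; "apache" and "www-data" are
#      common names but this is an assumption. Changing the group needs root
#      or membership in that group.
lock_down() {
    dir=$1
    web_group=${2:-}
    if [ -n "$web_group" ]; then
        chgrp "$web_group" "$dir" || return 1
    fi
    # 2770: rwx for the owner and the group, nothing for anyone else.
    # The leading 2 (setgid) makes new files inherit the directory's group,
    # so files Apache creates stay manageable by the project group.
    chmod 2770 "$dir"
}
```

With this in place the developer (owner) and Apache (group) both keep write access, and every other account on the server is locked out.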