Skip to content

Instantly share code, notes, and snippets.

@reikoNeko
Created August 18, 2017 18:00
Show Gist options
  • Save reikoNeko/0608521d5c9c655bcd72cedc0881993c to your computer and use it in GitHub Desktop.
Save reikoNeko/0608521d5c9c655bcd72cedc0881993c to your computer and use it in GitHub Desktop.
I received the following comment from a web developer after I told him I wouldn't make his volatile files directory chmod 777 so Apache could write to it.
"777 tends to scare sys admins, so I understand."
Here's my response:
"Yes, it scares us and it should scare you.
"Think of your account like an apartment. If you set your permissions to 777, anyone who can get into the building (onto the server) can make changes: raid your fridge, steal your cat, replace your pillows, or plant evidence pointing to a crime you didn't commit. Even if they did none of those things, you can get skeeved out by the possiblility.
"So you have your personal account, and then you're a member of the project group: you have the key to the project's apartment, because you're the (interior) designer. Of course the owner has a key, but no one else gets in without an invitation.
"You and the owner have given Apache (your publicist) access to show off your work, and now there's a part where you need to let Apache make changes on your orders. So, do you want just Apache to take ownership of the files directory, or do you want to leave the doors wide open to anyone who wanders by? The latter, that's 777. Maybe nothing happens, maybe everything happens. because when you give everyone on the server write access to a directory, everything can.
"Signed,
"The Super"
So while you're justifiedly freaking about about things that shouldn't exist in 2017 but still do, there's also this.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment