Can someone explain why chmoding a folder to 777 is such a big security risk? Everything I read says that doing so will make it so that anyone can read/write/execute to the folder, but realistically, what does that mean? Examples of what could be done? Also, if the folder that is chmoded and being written to is outside/above the public_html directory, does that lessen the risk somewhat?
chmod 777 & security
I'm not the biggest security buff, but a directory that is executable can be searched. You can print the list of files within it. However, if you already have the path, and the file itself is writable, you don't have to worry. So, I think that the argument goes that you don't want people to see your filesystem... If it's not viewable to the public and you can trust all of the users on the server, I wouldn't worry. However, it might be better to create a web group or something so that you can just chmod it 77x, x being whatever you want and put the web user into that group along with your own account, if you feel the need to manipulate the files yourself.
This is for a script that is being released...my experience is that average users just don't know how to deal with groups or owners. If all that can be done is view the files within that one directory, is that really such a big deal (in the case of this script, it wouldn't be)?
They can also create files. I don't know if that is a big deal. If it has to be released, and it's a directory for something non-essential (i.e. uploading avatars) I'd just ask the user to chmod the directory as he feels appropriate. I wouldn't want to do things to someone's system without asking. Or, if the script has the permission, ask as part of installation or something.
Right. They're required to chmod the folder themselves during the installation. I guess I'm just not understanding what the big deal is -- everyone's always like "Oooh, don't chmod folders to 777" but I've never gotten a straight answer on why it's such a big deal.
They can also create files.
If the folder in question is above the public_html folder (i.e. not accessible through regular web browsing), would this still hold true?
Well if you have a site that lets anyone upload files you pretty much have to have it 777, such as a backend for a website that lets the admins upload photos etc... There are times when you have no choice. But if there is no reason for it to be 777 then don't do it.
Originally posted by Arc
But if there is no reason for it to be 777 then don't do it.
LOL, but see...I want to know why. You've just done what everyone always does -- "Don't do it." But with no explanation as to why.
The biggest security risk of 777 is that it makes it writeable by anyone on a shared server.
The result is that anyone could write a php script that could remove your whole site.
Most of the time 777 is not needed.
755 or 644 should be quite enough.
Any sensitive info should be 600.
Halfabee
A more secure way to do it would be to ask the user to chown it to apache or whatever the web user is called. Then it could be 600 or 700. However, then anyone could still write a PHP script and screw around with it.
As long as whatever's in the folder isn't vitally important (i.e. avatars) I wouldn't worry.
The problem with world-writeable directories is not so much that people can ADD anything to the directory, but that they can CHANGE anything in the directory. A malicious user could easily access any of your scripts (since none of them are protected) and modify it in such a way that your entire site is deleted the next time it runs, or worse, do something that steadily destroys data without you knowing it.
Having a directory world-readable means that people can obtain directory listings to obtain data about directory structure (as stated above). A sophisticated user can use this data to crack your directory tree.
Having the directory being above htdocs actually poses a greater security risk. Once a user has accessed this directory (which can be done... chroots like Apache applies are NOT 100% secure), there is then nothing at all preventing the user from executing any type of malicious script on your entire system.
If the fact that you are allowing any user on the server to arbitrarily execute any code they want to isn't scary enough, I don't know what to tell you.
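The point made in the two posts above (a writable directory lets files be changed, and 755/644/600 are enough for most things) as an added shell example that is not part of this thread. It assumes a Linux host with GNU stat and find; the directory and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Shows why the *directory* write bit matters,
# then audits a tree for world-writable entries and applies the 755/644/600 modes
# suggested above. Assumes GNU coreutils (stat -c); BSD stat would need -f %Lp.

# Octal permission bits of a path, e.g. "755".
mode_of() { stat -c %a "$1"; }

# A read-only (444) file inside a world-writable (777) directory can still be
# swapped out: rename(2)/unlink(2) check write permission on the directory,
# not on the file. This is the "they can CHANGE anything" case.
# Returns 0 if the file contents were replaced, 1 otherwise.
replace_readonly_in_writable_dir() {
    dir=$1
    mkdir -p "$dir" && chmod 777 "$dir"
    printf 'original\n' > "$dir/config.php"
    chmod 444 "$dir/config.php"                 # file itself is not writable
    printf 'replaced\n' > "$dir/.tmp" && mv -f "$dir/.tmp" "$dir/config.php"
    [ "$(cat "$dir/config.php")" = "replaced" ]
}

# Audit: list every file or directory under a tree that others (o) may write to.
# On a shared host this is the list to review after an install script ran.
find_world_writable() { find "$1" -perm -o=w; }

# Harden: directories 755, ordinary files 644, and anything that looks like a
# config file 600, following the modes recommended in the thread.
harden_tree() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    find "$1" -type f -name '*config*' -exec chmod 600 {} +
}
```

Run `harden_tree` on a copy first: a script that really needs to write into one upload directory will need that single directory (not its scripts) reopened by the owner, which is the group-based approach mentioned earlier in the thread.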
Well, you could put it up and sideways, so to speak. Not above the HTML, but some dead end somewhere with no children. And I don't think that they can edit the files or anything in the directory. I would think that each file would have to be writable to world for that to happen.