666 vs 777

marcnyc

no it's not a satanic post, it's one about permissions :evilgrin:

i was just wondering if somebody can clarify this for me...
If I have a folder I want to be writable so that a user can upload something to it or change something in it, does it have to be chmodded 777 or can it be 666?

Until now I have always done 777 because a lot of scripts suggest that, but the third number is for execution and a folder is not a script that needs to be executed, right? and a file that I might want to open and modify is also being read and writte, and not executed, right?

Can I get away with 666 to make my server a little less vulnerable and safe or am I missing something?

Thanks

bpat1434

Well, when you say "third number" do you mean the third 7? If so, your assumption of the linux permissions system is wrong.

There are 4 levels of permission:

0 - no permission
1 - execute
2 - write
4 - read

There are three different types of level of permission: owner, group, other.

The first number is the permissions the owner has on that file/folder, the second the group's permission, and the last anyone else's permission.

So 755 allows the owner to do anything, and group and others to read and execute, but not write.

So in your case, 666 should be sufficient in order to allow anyone to read and write to that directory/file.

Really, you should never have to have a file be 666. If a user uploads something, assuming they're using a php form, then the file would be saved as apache (or the user php is running as) and would then be the owner. At most, the folder the files are saved in should be 666, but no others. Only those that need to be 666 should be 666, all others should be more secure and more restrictive in permissions.

marcnyc

I will try 666 and see if it works well with everything.
Thanks

halojoy

To avoid others will be able to write
we should use 755 or 644

777 or 666 will allow anyone to write and change your files
if you are unlucky to give the permission in wrong place

666 or more often used 777
This you should only put on special files/folders,
for example a folder for upload of images for visitors/members
or datafiles like CSV files, that should be possible to write to

Weedpacket

And, just to add one more detail, a directory (like everything else in a U*x file system) is a file, and "executing" it is exactly what is usually described as opening it (i.e., if you don't have permission to execute a directory then you don't have permission to enter it or list its contents, etc.).

marcnyc

Thanks for your input Weedpacket, that removes a lot of my confusion.
Halojoy, that's actually my case, a folder where people upload images and text files that are opened with fopen, fread and written with fwrite
So I should use 666 for the files I am writing/modifying and 777 for the folders that contain them. Is that correct?