Group importance (CHMOD)

Printable View

Jan 03rd, 2004, 11:35 PM
welo

Hey folks. Encountered this board from someone's post over at the vB forums and thought I'd run something by you I'm trying to track down:

You've all seen and heard this a thousand times:

http://llamasery.com/misc/file-permissions.gif
(this has been screenshot straight from WS_FTP)

"Set somefile.php so it has a permission of 777." (indicated above)

This poll is simple. Just indicate how important the group permission settings are to the way you run your site or write your scripts, then give a concrete example of how/why.

(yes there's a point to this; we'll see how this poll goes for awhile first though)
Jan 03rd, 2004, 11:55 PM
mossoi

My site builds cached pages from the Smarty Template Engine so if the chmod settings aren't correct it won't work.
Jan 04th, 2004, 12:01 AM
splufdaddy

It depends on the site. A small static site I recently built uses nothing but HTML, and serves the client great. For a forum I run, an improperly modded file or directory can bring the forum to it's knees.
Jan 04th, 2004, 12:09 AM
welo

Thanks for the feedback so far guys. Realize however I am specifically talking about Group permissions (the 2nd digit in the XXX permission string).
Jan 04th, 2004, 12:13 AM
splufdaddy

Please make your signature a maximum of four lines (looks like you just need to take out a blank line or two at the top).
Jan 04th, 2004, 09:01 AM
nsr81

I never do 777 for any file. I change the group of a file to webserver user and use 770 instead. Same result but your file/directory is not readable by other users trying to snoop around on the server.
Jan 04th, 2004, 02:14 PM
Brak

CHMODing ANYTHING 777 for web scripts is not advised... there is never a situation you would need it for that that I can think of.
Jan 10th, 2004, 02:50 PM
welo

This has turned into an interesting topic across the dev forums where I have posted it (8 so far). I did a 4-page chmod tutorial several years ago and am reworking it now while exploring some of the finer mechanics of the various permissions. When you really look around you don't find much about this (kinda like when looking for UNIX switch references to SSH commands; everyone always just tells you to use [command] --help to see the list of switches for that command). Basically, most people are just expecting someone else to know.

Anyway, current collective poll results are:

Very Important: 50%
Moderately important: 17%
Unimportant: 33%

The interesting thing about the responses I've been getting so far, is people are consistently misunderstanding the question. Although I deliberately specified "Group" permissions this has been mentally filtered out and most people only see the "CHMOD" part. It is important to understand I am specifically attempting to derive information on the Group permission settings (2nd digit in the XXX string - or 3rd digit for 0XXX, as the case may be).

In a nutshell, cases where the Group setting applies are sparse at best. I have experimented with a number of different scripts and files, and currently can find no impact whatsoever where Group permissions are applied (or not applied). You can recursively chmod the Group permissions of your whole site to zero and nothing will stop working. Even the image posted above has a Group setting of zero.

So far, the only person who has made it actually do something is a moderator on my board who assigned the Group of a file directly to Apache. Via SSH:

Code:

chgrp apache somefile chmod 707 somefile

By doing this the file cannot be accessed by the browser. Evidence is leading toward that there should be some significant impact by using Group settings for FTP sites, but I sure haven't found out what yet.