Is CHMOD 775 safe to use?

apache-2.2 chmod

I know it's not good to use CHMOD 777, but is 775 as dangerous? Does it provide a backdoor to hackers as easily as 777?


The difference between 777 and 775 is the writable attribute for the world-group. The big risk with 777 is that any user on your server can edit the file. 775 does not have this risk.

Don't erroneously assume that the "world writable" flag means everyone can write to the file - only the users on that server can. So on a private server, this poses less risk.

One of the biggest risks is that any script on the server now can write to the file - one "weak" script (known or discovered exploits) can compromise the entire server. If the file is 775, and the webserver-user (usually wwwrun with apache) is in the file's group, it can also write to the file. In this case 775 poses the same risks as 777...

Related

What does the IP "192.168.1.1/24" indicate? [duplicate]
Co-location vs. cloud hosting
If I drop my clustered PK and add a new one, what order will my rows be in?
yum claims python isn't installed
I accidentally disabled the web interface for DD-WRT
Pressing backspace with root gives weired character in putty
Can't execute PHP via cron
How to get a cheap nameserver
How to setup reverse proxy to forward domain names to different servers?
Business Continuity and Disaster Recovery Plans
How does Windows detect it is online?
Is it possible to get all the domain names assigned to an IP address?