Why give owner anything other than 7 for file permissions?

security file-permissions permissions

Solution 1:

It is to protect the user from making a mistake.

If the file is important and should not be modified you give read only. Then if the user needs to change it they will have to make a conscious choice to go and chmod 777 the file and then do the action.

Also not letting things be executable helps. If you are writting a script and have several older version in a sub directory. Turning off the ability to be executable will stop you from running the wrong script.

But the owner can always go back and change the file permissions to what they need when they need it.

Solution 2:

Not everything should be executable by default... for instance, scripts you're editing should be invoked by [interpreter] [script.file], in case it has a bug you can't accidentally set it off.

Also, some files shouldn't be deleted or changed. So if you set 0400, the user will have to override the perms. Of course most users just blow by "Are you sure?" type questions, but that's another issue.

I commonly use chmod go=,u=rwX which sets 0600 on all files and 0700 on all directories (and files which had 'x' before). Then make any necessary changes (like the public_html directory or whatever).

Solution 3:

[important] file/dir that you dont want to accidentally rm -rf.

[important] = config / backup / private encryption key, etc etc.

Related

Linux/SSH command to delete every filepath found in file
transparent git-svn gateway
What are the minimum RAM requirements for Server Core 2008 R2?
How to automate starting a multiuser screen session with adding acl to another user?
What could be iptables rules to allow all loopback communication (regardless to actual interface, address and port)?
Alternatives to SSH for tunnelling connections
How can I have a user specific hosts file
How strict is line of sight?
squid and https URLs
Apache load balancer logging question
If logs are being truncated, why use Full recovery?
DisplayPort monitor turns off when 2 monitors are used