Handle write permissions in ubuntu for uploads or code generators

Usually we need to change directory/file permission to able to write files. This may be for uploads directory or code generation tool. But most of the time some developers do bad thing, that the give permission 777 to the directory/file and get work the done.

sudo chmod -R 777 /path/some-directory

Here the script which throws the write permission error, now executes smoothly as it has got the 777 permission. But here we compromised serious security risk. Permission 777 means that is read/write/execute to everybody in the system, thus creating loop hole for security.

Instead of assigning permission 777, we can assign 775 and add the user who runs the script(which thrown the permission error) in the user group of the directory/file.

Following command adds given user (userName) to particular group (groupName)

sudo usermod -a -G groupName userName

Above will add user which runs the script to the group of users of directory/file which need write permission. Here I am assuming that your directory/file already has write permission i.e. user group has writable permission. You can also check members of user group from file “/etc/group”.

For web applications where Apache is the web server, you can add “www-data” to group of users. For PHP yii framework you need to set writable permission to some directories while development so that code generators can work.

This was just to give alternative way(good) to the developer who quickly give 777 permission to avoid/fix permission error. There are many more things you need to care when you think from security aspect. Avoid globally write is surely one of them.

Happy coding 🙂



Some ref.