Handle write permissions in Ubuntu for uploads or code generators

We often need to change directory or file permissions so that a script can write files, for example to an uploads directory or for a code generation tool. Too often, developers take a bad shortcut: they give the directory or file permission 777 and get the work done.

sudo chmod -R 777 /path/some-directory

The script that threw the write permission error now runs smoothly because it has 777 permission. But we have accepted a serious security risk: permission 777 grants read, write and execute to everybody on the system, which creates a security loophole.

Instead of assigning permission 777, we can assign 775 and add the user who runs the script (the one that threw the permission error) to the group of the directory or file.

The following command adds the given user (userName) to a particular group (groupName):

sudo usermod -a -G groupName userName

This adds the user who runs the script to the group of the directory or file that needs write permission. Here I am assuming that your directory or file already has group write permission, i.e. its group can write to it. You can also check the members of a group in the file “/etc/group”.

For web applications where Apache is the web server, you can add “www-data” to the group. For the PHP Yii framework, you need to make some directories writable during development so that the code generators can work.
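The steps above as a small script, added here as an example and not part of the original post: it lists anything world-writable under a directory, then switches the tree to group-based write access (directories 775, files group-writable but not world-writable). The function names and the script name fix-perms.sh are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post); function names are made up.

# Print every file and directory under $1 that any user can write to.
# Symlinks are skipped because their own mode bits are not enforced.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Give group $2 write access to the tree at $1 without opening it to everyone:
# directories become 775, files gain group write and lose world write.
share_with_group() {
    swg_dir=$1
    swg_group=$2
    chgrp -hR "$swg_group" "$swg_dir" || return 1
    find "$swg_dir" -type d -exec chmod 775 {} + || return 1
    find "$swg_dir" -type f -exec chmod g+w,o-w {} + || return 1
}

# Usage: sh fix-perms.sh /path/some-directory groupName
if [ "$#" -eq 2 ]; then
    echo "World-writable before:"
    list_world_writable "$1"
    share_with_group "$1" "$2"
    echo "World-writable after:"
    list_world_writable "$1"
fi
```

Run it with sudo if you do not own the files. A user added to the group with usermod only gets the new membership in sessions started afterwards, so log in again (or restart Apache for www-data) before retesting the script.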

This was just to give a better alternative to developers who quickly assign 777 permission to avoid or fix a permission error. There are many more things to take care of from a security perspective; avoiding globally writable files and directories is surely one of them.

Happy coding 🙂

 

 

Some references:

https://help.ubuntu.com/community/FilePermissions
http://askubuntu.com/questions/79565/add-user-to-existing-group
http://www.cyberciti.biz/faq/linux-list-all-members-of-a-group/
