Why Not to Use chmod 777

In this guide, we will explain to you what chmod 777 does and why setting that permission should rarely be done.

Why not to use Chmod 777

When you are trying to find a solution to an issue you are experiencing with Linux permissions, you will see some people recommend using the command “chmod 777“.

The chmod command is a powerful tool used to modify a Linux system’s permissions for a specific file or directory. The command can be dangerous to system’s security when misused, for example, setting the permissions of files and directories to 777.

You should typically never run a command off of the Internet without understanding how it works and it’s implications for your system.

This guide will explore what using chmod 777 does to permissions and why you should avoid doing it.

The Basics of File Permissions in Linux

Before we explain why using chmod 777 is terrible, we need to explain a little about Linux’s file permissions.

This section will give you a basic understanding of how file permissions work and why they are an essential part of Linux.

If you would like to learn more about Linux’s permission system, be sure to check out our full guide.

Quick Rundown of Permissions

Simply put, the file permission system is designed to control access to files and directories. These permissions stop an unauthorized user from accessing or modifying files and directories.

For every file, there are three different permission groups that you can control individually. These three permissions groups are the following.

  1. File Owner – This is the user that is set as the owner of the file. You can control the owner using the chown command.
  2. Group Owner – This represents the group that owns this file. While only one user can own a file, numerous users can be part of a group that owns a file.
  3. Others – This permission set accounts for all users that aren’t the file owner or a member of the group owner.

For each of these permission groups, you can control their ability to write, read, or execute a file.

Below we will give a quick explanation of what each of these three permissions are and what they are used for.

While files and directories have the same three permissions, they behave slightly differently.

  1. The Read Permission
    • Files – The user can read the contents of the file.
    • Directories – A user can view the contents of the directory. For example, they can use the ls command to list files within the directory.
  2. The Write Permission
    • Files – The user can modify and change the file.
    • Directories – A user can alter and modify the contents of a directory. For example, the user will be able to create, delete, move, or rename files.
  3. The Execute Permission
    • Files – Allows the user to run the file. For example, if its a bash script, the user can run it.
    • Directories – Allows the user to set this directory as its current directory.

Numerical Permissions

Now that you have a quick understanding of what permissions are on a Linux system, let’s now understand what the number 777 means when it comes to chmod and permissions.

Looking at the number 777, you need to separate it into three separate digits. Each digit represents the permissions for a particular group.

  1. The first digit represents the permissions for the user that owns the file.
  2. The second digit is the permissions for the group that the file or directory belongs to.
  3. The final and third digit is what represents the permissions for all other users.

Each digit is made up of the values for the read, write, and execute permissions. These permissions have the following numerical value assigned to them.

  • Read = 4
  • Write = 2
  • Execute = 1

To add multiple permissions together, all you need to do is add the permissions numerical values together.

For example, if you wanted a user to be able to read and execute a file, you would add the value 4 (Read) + to the value 1 (Execute).

Combining these two values would leave you with the value 5, meaning the user will have both read and write privileges.

Why Not to Use chmod 777?

You should now have a basic understanding of file permissions in Linux and what the numbers you see mean.

Next let us explain why using 777 is a bad practice and why it should be avoided.

When you set the permission for a file or directory to 777, you are giving all three permission groups the ability to read, write, and execute that file.

The permission 777 means that any user on your operating system can modify, execute, and write to the files posing a significant security risk to your system.

An unauthorized user could use this to modify files to compromise your system. In a web server scenario, an unauthorized user could change your website to serve malicious content.

Simply put, you should typically never set a file’s permission to 777 as it gives complete access to the file for any user on the system.

What To Do Instead?

So you may be wondering what permissions you should typically use for files and folders.

This question is a bit open-ended as what permissions you need to set for a file ultimately depends on your particular use case.

Before adjusting permissions for a file, make sure you have read up on both the chmod and chown commands.

Also, be sure to read up on file permissions on Linux. It’s essential to understand how the permission system works.

Below we will go into some of the recommended permissions for those dealing with a web server.

Suitable Permissions for a Web Server

When it comes to files that you are serving through a web server such as Apache or NGINX, some general permissions will work for most cases.

The first thing is there is zero need for any files within the directories your serving to have the execute privilege.

When a web server serves these files, it only needs to be able to read from them.

Typically for files within a web server, you will want to use the permission 644 for files and 755 for directories.

Setting the Permissions for Files

By setting permissions for files to “644“, we are saying the following:

  • The Owner can read and write to the files.
  • Both the group owner and everyone else  can only read from the files.

These permissions ensure that the webserver can read and serve the files from your web directories.

You can update the permissions for all of the files within a directory by running the following command.

find /var/www -type f -exec chmod 644 {} \;

This command will loop through all files within the “/var/www” directory and use the chmod command to change it’s permissions to 644.

Setting the Permissions for Directories

For directories, you will need to set slightly different permissions as they are interpreted somewhat differently.

Suppose we don’t give the permission groups the execute permission. In that case, they will not be able to enter into the directory and access the files.

So for every directory within the web server, we will set the permissions to “755“. The only difference to a file being the addition of the execute (1) privilege.

  • The owner can create, modify, and delete files within the directory, list the directory’s contents, and enter it.
  • The other and group permissions are set to list the contents of the directory and enter the directory.

To apply these new permissions to all directories within a directory, you can use the following command.

find /var/www -type d -exec chmod 755 {} \;

This command will find all directories within the specified directory (In this case, “/var/www“) and modify their permission to 755.

Ensure the Correct User owns the Files/Directories

None of these permissions mean anything if you have the wrong user and group set to the files and directories.

Typically in the case of a web server, you will need to make sure the correct user owns the files that your web server operates under.

One of the most common users that this operates under is the “www-data” user and group.

You can take ownership of all the files by using the chown command and your username.

chown -R www-data: /var/www

This command will use the chown command to recursively go through the “/var/www” directory and give ownership to the “www-data” user and group.

Conclusion

In conclusion, you should always avoid using the “chmod 777” command.

The permissions 777 gives complete access to any user to that specific directory or a file, posing a potentially considerable security risk.

Try always to set permissions, only giving the minimal amount you might need for that user, group, or everyone else.

If you have any feedback or any questions, feel free to leave a comment below.

Be sure also to check out our other Linux guides to help improve your experience with the operating system.

Leave a Reply

Your email address will not be published. Required fields are marked *