Scenario / Questions
This is a Canonical Question about File Permission and Why 777 is “destructive”.
I’m not asking how to fix this problem, as there are a ton of references of that already on Server Fault (reinstall OS). Why does it do anything destructive at all?
If you’ve ever ran this command you pretty much immediately destroy your operating system. I’m not clear why removing restrictions has any impact on existing processes. For example, if I don’t have read access to something and after a quick mistype in the terminal suddenly I now have access well… why does that cause Linux to break?
Find below all possible solutions or suggestions for the above questions..
First of all a minor terminology nitpick:
chmod doesn’t remove permissions. It CHANGES them.
Now the meat of the issue — The mode
777 means “Anyone can read, write or execute this file” – You have given permission for anyone to do (effectively) whatever the heck they want.
Now, why is this bad?
- You’ve just let everyone read/modify every file on your system.
- Kiss password security goodbye (anyone can read the shadow file and crack your passwords, but why bother? Just CHANGE the password! It’s much easier!).
- Kiss security for your binaries goodbye (someone can just write a new
loginprogram that lets them in every time).
- Kiss your files goodbye: One user misdirects
rm -r /and it’s all over. The OS was told to let them do whatever they wanted!
- You’ve pissed off every program that checks permissions on files before starting.
sendmail, and a host of others simply will not start any more. They will examine key file permissions, see they’re not what they’re supposed to be, and kick back an error message.
sshwill break horribly (key files must have specific permissions, otherwise they’re “insecure” and by default SSH will refuse to use them.)
- You’ve wiped out the setuid / setgid bits on the programs that had them.
777. Among the things in that leading digit are the
Most programs which are setuid/setgid have that bit set because they must run with certain privileges. They’re broken now.
- You’ve broken
The other thing in that leading octal digit that got zero’d is the
sticky bit— That which protects files in
/var/tmp) from being deleted by people who don’t own them.
There are (unfortunately) plenty of badly-behaved scripts out there that “clean up” by doing an
rm -r /tmp/*, and without the sticky bit set on
/tmpyou can kiss all the files in that directory goodbye.
Having scratch files disappear can really upset some badly-written programs…
- You’ve caused havoc in
/procand similar filesystems
This is more of an issue on older Unix systems where
/devis a real filesystem, and the stuff it contains are special files created with
mknod, as the permissions change will be preserved across reboots, but on any system having your device permissions changing can cause substantial problems, from the obvious security risks (everyone can read every TTY) to the less-obvious potential causes of a kernel panic.
Credit to @Tonny for pointing out this possibility
- Sockets and Pipes may break, or have other problems
Sockets and pipes may break entirely, or be exposed to malicious injection as a result of being made world-writeable.
Credit to @Tonny for pointing out this possibility
- You’ve made every file on your system executable
A lot of people have
PATHenvironment variable (you shouldn’t!) – This could cause an unpleasant surprise as now anyone can drop a file conveniently named like a command (say
ls, and have a shot at getting you to run their malicious code.
Credit to @RichHomolka for pointing out this possibility
- On some systems
chmodwill reset Access Control Lists (ACLs)
This means you may wind up having to re-create all your ACLs in addition to fixing permissions everywhere (and is an actual example of the command being destructive).
Credit to @JamesYoungman for pointing out this possibility
Will the parts of the system which are already running continue to run? Probably, for a while at least.
But the next time you need to launch a program, or restart a service, or heaven forbid REBOOT the box you’re in for a world of hurt as #2 and #3 above will rear their ugly heads.
One major thing is that there are many tools like ssh/sudo that check the filesystem permissions for key config files. If the permissions are wrong, these tools are designed to fail, as this would indicate a serious security problem. On my Debian test system and perhaps on others, the ability to login fails, probably because the login binary or something in PAM has permission checks.
So it isn’t really that the system is destroyed — it’s that many tools are designed to immediately fail when the permissions are wrong.
If you reboot a system after doing a
chmod 777 -R / it will boot, and you can start processes that don’t have explicit permission checks. So the system isn’t really dead, just somewhat unusable by-design.
Disclaimer: This has been sourced from a third party syndicated feed through internet. We are not responsibility or liability for its dependability, trustworthiness, reliability and data of the text. We reserves the sole right to alter, delete or remove (without notice) the content in its absolute discretion for any reason whatsoever.