I am working on a project that allows a user to generate some results. These results are written to a tmp directory and offered as a download to the user. Another process also reads generated XML from that tmp directory to display some values, and a Perl script also scans and loops through that XML file. The XML file and the results file are unique per session.

I also write away user statistics to a logs directory. It contains two files, gen-xml.txt, input.txt. On each user query some information is appended to each file.

I figured that I'd set permissions to 777, but this post got me worried. Does this result in a security issue, and if so, how can I remedy that without losing functionality?

Bram Vanroy

1 Answer

If you need read-only access to the generated files, a 644 permission to the files should do it.

This will give the owner of the file read-write access, but read-only permissions to everybody else.

Here is an excellent tutorial on how Linux permissions work

Cristian Meneses
  • When a file is created in a PHP script, by whom is it created? If it's by "everyone", then 644 can never be sufficient, can it? – Bram Vanroy May 25 '16 at 18:50
  • The files are created by the owner of the process. If you run the server manually, files will be created with your user id. Otherwise, if this is a system service, it will be created by the owner of the process (whatever user you configured, or root). With a 644 permission, for the file owner a 6 permission allows both read-write, which is more than enough. It is the rest of the user permissions that matter, so restricting them to read-only is much safer (unless you need them to write to these files) – Cristian Meneses May 25 '16 at 18:53
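
As an added example (not part of the original answer or its comments), the shell functions below list world-writable entries with their owner and then apply the 644 file mode from the answer. The directory layout, the session file name, the function names and the 755 directory mode are assumptions, and `stat -c` assumes GNU coreutils on Linux.

```shell
#!/bin/sh
# Added example: audit a directory for world-writable entries and tighten them.
# Paths and function names are hypothetical; stat -c is GNU coreutils (Linux).

# Print "mode owner path" for every world-writable file or directory under $1.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec stat -c '%a %U %n' {} +
}

# Files become 644 (owner rw, others read-only); directories become 755,
# since they need the execute bit to be entered and listed.
tighten_modes() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Octal mode of a single path, e.g. 644.
mode_of() {
    stat -c '%a' "$1"
}

# Constructed sample layout mirroring the question: tmp/ and logs/ set to 777.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/tmp" "$root/logs"
    echo '<results/>' > "$root/tmp/session-abc.xml"   # constructed file name
    : > "$root/logs/gen-xml.txt"
    : > "$root/logs/input.txt"
    chmod -R 777 "$root"

    echo "Before:"; find_world_writable "$root"
    tighten_modes "$root"
    echo "After (should list nothing):"; find_world_writable "$root"

    # The owning process can still append to its log and write new results.
    echo "query 1" >> "$root/logs/input.txt"
    echo "logs/input.txt is now $(mode_of "$root/logs/input.txt"), owner $(stat -c '%U' "$root/logs/input.txt")"
    rm -rf "$root"
}

demo
```

The owner column shows which account the creating process ran as; that account keeps write access under 644, while any other account that only reads the files is unaffected.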