1. Overview
Unix-like operating systems like Linux usually run on shared computers. They use permission control to check who can access and change their filesystems.
Superusers of the system have the authority to modify any attribute for files and directories belonging to other users. For example, a superuser may substitute a new user for an employee who departs an organization.
In this tutorial, we’ll explore file system permissions on a Linux system. Specifically, we’ll focus on the consequences of opening the root directory recursively to all users. Let’s start with the basics of Linux file system permissions.
2. Understanding File Permissions
In Linux, file and directory permissions play a vital role. They determine the access level for users and running processes. In fact, different permissions grant a distinct level of privileges to a user.
Basically, the Linux permissions paradigm works by attaching every system file to an owner and a group. It then assigns access permissions like read, write, and execute to these files and directories. Furthermore, we can use these permissions for the following three categories of users:
- owner
- group
- others
Let’s now move on to the 777 permission.
3. Understanding File Permission 777
Access mode 777 makes a file fully readable, writable, and executable for everyone. To put it another way, this permission gives any user full access to a file on a system. Accordingly, we should use this permission only when we trust all our users with a given set of data. Also, we should check that there’s no risk of security breaches with this approach.
Similarly, permission 666 gives read and write permission to every user. However, access mode 777 goes beyond this by allowing execution as well.
Such open permissions could enable tinkering with sensitive files. Therefore, using lax permissions is generally not a good idea. Let’s now see what the security implications of using access mode 777 on the root directory are.
4. Security Perspective of Using chmod 777 on Root
First, we explore what it means to recursively (-R) change the mode of the root directory to 777 as a superuser:
$ sudo chmod -R 777 /
After running this command, all our system files are open to everyone. This is more or less the same as providing superuser capabilities to all users.
Let’s explore why.
4.1. Exposed Password Security
Naturally, opening password files to all users is rarely a good idea. This action circumvents the security structure of the system. For example, let’s consider two important files:
- /etc/passwd – user accounts file
- /etc/shadow – shadow passwords file which actually stores passwords
Both of these files are normally read-only for non-superusers. Allowing anyone to modify or even read password files can open a system to direct password changes and password-cracking attacks.
4.2. Ineffectiveness of sudo Privileges
Linux provides the sudo utility to users for managed privilege escalation. Thus, we can perform administrative activities without having to switch users or permanently exposing our session.
Many commands require sudo privileges:
- system updates
- systemd
- storage management
Consequently, if sudo has permissions issues, any of the above might require direct superuser login.
Further, all scripts will get execute permission. Consequently, a non-superuser can execute any script on the system without sudo privileges.
4.3. Sticky Bit Removal
Sometimes, files and directories have the sticky bit set. Such filesystem objects can only be deleted by the owner or a superuser.
For example, the /tmp directory is one such system directory. When we set /tmp to have access mode 777, the sticky bit is cleared.
Accordingly, users who don’t own files in a directory that has its sticky bit cleared can now delete those files regardless. This can wreak havoc on temporary files stored by different programs. They can delete each other’s files.
4.4. Impact on setuid and setgid
Similar to the sticky bit, setuid and setgid are special types of permissions. They are commonly linked with executable files and public directories.
With these permissions set, a user can execute a file by assuming the role of the file owner. In fact, sudo heavily relies on this mechanism. Setting mode 777 overwrites special permissions on any file.
As a result, even normal users can access and execute files. Also, all users can run any command without impersonating a superuser.
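The effect described in sections 4.3 and 4.4 can be observed safely in a scratch directory. The following is an added example, not part of the original tutorial; the function names and the scratch layout (a /tmp-like directory and a file named suid-tool) are hypothetical, and it assumes a stat that accepts -c as in GNU coreutils:

```shell
#!/bin/sh
# Added illustration; touches only a scratch directory made by mktemp.

# Print the octal permission bits of a path (stat -c as in GNU coreutils).
mode_of() { stat -c '%a' "$1"; }

# Build a scratch tree: a /tmp-like sticky directory and a setuid file.
make_scratch() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/tmp" && chmod 1777 "$scratch/tmp" || return 1
    : > "$scratch/suid-tool" && chmod 4755 "$scratch/suid-tool" || return 1
    printf '%s\n' "$scratch"
}

# Report the modes before and after the recursive change.
demo_special_bits() {
    dir=$(make_scratch) || return 1
    before="$(mode_of "$dir/tmp") $(mode_of "$dir/suid-tool")"
    chmod -R 777 "$dir"
    after="$(mode_of "$dir/tmp") $(mode_of "$dir/suid-tool")"
    rm -rf "$dir"
    printf 'before: %s\nafter:  %s\n' "$before" "$after"
}

demo_special_bits
```

The leading 1 (sticky) and 4 (setuid) digits are gone after the change, which is why shared temporary directories and setuid programs stop behaving as intended.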
4.5. Unprotected Filesystems and Pseudo-Filesystems
Looking at the /proc and /sys pseudo-filesystems, there are many entities that require superuser permissions for us to work with them. For example, the file /proc/sys/kernel/core_pattern is used for setting the core dump location.
Access mode 777 over the root directory lets a normal user delete, move, or manipulate any file on the system. Thus, any user can make configuration changes to the kernel via the pseudo-filesystems.
At the same time, any normal user can now run destructive commands:
$ rm -r /
Of course, running the above wipes all system files and directories forever.
4.6. Compromised Server Security
Usually, servers for applications and web content have a source directory, from which they serve content. Applying access mode 777 on the root filesystem commonly affects such source directories as well.
However, making a web server directory publicly accessible, for example, can cause problems:
- exploiting vulnerabilities, a web visitor could access files outside the source directory
- users on the system can change publicly-visible content on the website
- an attacker can inject malware into the server content
Thus, any outward-facing servers may become a vulnerability with improper permissions.
5. Basic Permissions Fixes
Barring accidents, to avoid overexposing the system, we should start with minimum access permissions, commonly limited to the owner. After that, we can gradually increase the permissions until they best meet our needs. It’s best practice not to use access mode 777 unnecessarily or permanently.
In fact, we should almost never leave our files writable to everyone. Still, from a security point of view, even a small level of security is better than a directory that anyone can write to.
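One way to check a tree for the overexposure discussed above is to list world-writable files and world-writable directories that lack the sticky bit. This is an added example, not part of the original tutorial; the function names and the sample tree (etc/shadow, www/index.html, tmp under a mktemp directory) are constructed for illustration:

```shell
#!/bin/sh
# Added illustration; the sample tree is constructed under mktemp.

# List world-writable files, and world-writable directories that lack
# the sticky bit, below ROOT without crossing filesystem boundaries.
audit_perms() {
    find "$1" -xdev -type f -perm -0002 -print |
        sed 's/^/world-writable file: /'
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/world-writable dir, no sticky bit: /'
}

# Number of findings below ROOT.
count_findings() { audit_perms "$1" | wc -l | tr -d ' '; }

# Constructed tree with owner-limited defaults, as section 5 recommends.
make_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/etc" "$t/www" "$t/tmp" || return 1
    : > "$t/etc/shadow" && chmod 600 "$t/etc/shadow" || return 1
    : > "$t/www/index.html" && chmod 644 "$t/www/index.html" || return 1
    chmod 755 "$t/etc" "$t/www" && chmod 1777 "$t/tmp" || return 1
    printf '%s\n' "$t"
}

# Audit the tree as built, then again after a recursive 777.
demo_audit() {
    tree=$(make_tree) || return 1
    clean=$(count_findings "$tree")
    chmod -R 777 "$tree"
    opened=$(count_findings "$tree")
    audit_perms "$tree" | sed "s|$tree|<tree>|" >&2   # listing for the reader
    rm -rf "$tree"
    printf '%s %s\n' "$clean" "$opened"
}

demo_audit
```

The sticky /tmp-like directory is not reported while its mode is 1777; after the recursive change every file and directory in the tree is.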
6. Conclusion
In this article, we’ve seen some of the consequences of using the 777 access mode on the root directory. Just one simple variation to the system permissions might make it possible for someone to compromise the whole system.