Tuesday, August 4, 2009

In which I drop UNIX and apply it to janitorial work

I am not as technical as some people in my social circles, but there are a few things that I have a little bit of knowledge about. For example, when Laurent Schneider wrote a post and entitled it "chmod -R 777 ." I immediately knew what he was talking about, and where he was going with it.

Before I drop very small amounts of tech, let's look at a basic principle - the principle of least privilege (as defined by the National Institute of Standards and Technology).

The principle of least privilege requires that a user be given no more privilege than necessary to perform a job.

NIST then explains why this principle is important.

By denying to subjects transactions that are not necessary for the performance of their duties, those denied privileges cannot be used to circumvent the organizational security policy.

OK, now it's time for me to drop a tiny bit of UNIX. Here's an excerpt from the man(ual) page for the chmod command that Schneider cited:

The chmod utility modifies the file mode bits of the listed files as specified by the mode operand. It may also be used to modify the Access Control Lists (ACLs) associated with the listed files.

The three-digit number that Schneider cited in his title refers to three different settings that can be applied to file permissions. Each digit is significant, since the first digit represents the permissions that the owner has for the file in question, the second digit represents group member permissions, and the third digit represents permissions for everybody else (others).

Needless to say, the number that appears in each digit is significant. If the third digit contains the number "4," then others are able to read the file (but not write to it or execute it). A "2" means that others can write to the file, and a "1" means that others can execute the file. A "6," or "4 + 2," means that others can both read and write to the file. You can perform other number combinations, including "7," or "4 + 2 + 1," which means that others can do anything to the file.

So the cited permission "777" means that owners, group members, and others can all read, write, and execute the file.

But wait, it gets better, because Schneider's chmod command had a couple of other options to it. One of these is described on the man page.

-R Change the modes of the file hierarchies rooted in the files instead of just the files themselves.

And the period, not documented on this particular man page, refers to the current directory.

So in essence, the command that Schneider cited gives everyone unlimited privileges throughout the entire filesystem. Regarding this command, Schneider stated:

This is one of the things I hate to see, recursively changing everything to 777 :evil:
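The digit arithmetic and the recursive change described above, worked through in a POSIX shell script. This is an added example, not code from the original post or from Schneider; it builds a constructed sample tree under mktemp (the file names and modes are made up for the demonstration), decodes octal modes into rwx notation, runs the recursive chmod on that throwaway tree only, counts what it left world-writable, and then repairs the tree with least-privilege modes. One caveat the example makes visible: chmod -R acts on the tree rooted in the directory it is given, so "chmod -R 777 ." touches the whole filesystem only when it is run from /.

```shell
#!/bin/sh
# Added example (not from the original post): decode an octal mode, show what
# "chmod -R 777" does to a directory tree, find what it left world-writable,
# and put the tree back on a least-privilege footing. Everything below runs
# on a constructed sample tree under mktemp, never on a real filesystem.

# decode_mode 640 -> rw-r-----  (owner / group / others, one digit each;
# a leading fourth digit such as the 0 in 0755 is ignored).
decode_mode() {
    m=$1
    m=${m#"${m%???}"}                       # keep only the last three digits
    case $m in
        [0-7][0-7][0-7]) ;;
        *) printf 'expected three octal digits\n' >&2; return 1 ;;
    esac
    owner=${m%??}
    group=${m#?}; group=${group%?}
    other=${m#??}
    out=""
    for d in "$owner" "$group" "$other"; do   # 4 = read, 2 = write, 1 = execute
        if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s\n' "$out"
}

# make_sample_tree: builds a small constructed tree and prints its root.
# Modes are set explicitly so the starting point does not depend on umask.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir "$root/config"
    printf 'widget price: confidential\n' > "$root/config/pricing.txt"
    printf 'public notes\n' > "$root/README"
    chmod 750 "$root" "$root/config"
    chmod 640 "$root/config/pricing.txt" "$root/README"
    printf '%s\n' "$root"
}

# count_world_writable DIR: number of entries under DIR (DIR itself included)
# whose "others" digit has the write bit set. -perm -002 is POSIX find.
count_world_writable() {
    find "$1" -perm -002 -print | awk 'END { print NR }'
}

# harden_tree DIR: least-privilege repair for this sample, which holds only
# plain data files (assumption): directories 750, regular files 640. A real
# tree with executables or shared group data needs its own policy.
harden_tree() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# Walk-through, printed when the script is run directly.
demo() {
    printf '777 decodes to %s\n' "$(decode_mode 777)"
    printf '640 decodes to %s\n' "$(decode_mode 640)"
    tree=$(make_sample_tree)
    printf 'before:            %s world-writable entries\n' "$(count_world_writable "$tree")"
    chmod -R 777 "$tree"                   # the recursive change the post objects to
    printf 'after chmod -R 777: %s world-writable entries\n' "$(count_world_writable "$tree")"
    harden_tree "$tree"
    printf 'after hardening:    %s world-writable entries\n' "$(count_world_writable "$tree")"
    rm -rf "$tree"
}
demo
```

The count goes from 0 to 4 (the root directory, README, the config directory and pricing.txt) and back to 0; the same find -perm -002 check is a reasonable first audit to run on any tree where a recursive 777 is suspected, since it lists exactly the entries anyone on the system can modify.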

This UNIX lesson applies away from the UNIX world, and in fact away from the technical world. If you're in a competitive bid and you're trying to decide how to price your widgets, it's not necessary to let the janitor know what that price will be. The principle of least privilege applies here also.