Unix Server Permission Safety

Unix and Unix-like servers share a common permissions-based system for users and files.  This allows the system administrator (root) to determine which users are allowed access to specified files and what type of access they get.  Whether your server is running FreeBSD, Debian, Red Hat Enterprise Linux, Solaris, Mac OS X or any other Unix-like OS, knowing certain safety rules will help prevent those with ill intent from doing harm to your server.

Keep File Permissions as Tight as Possible

In general, unless you have a good reason to allow the world to access a file, you should keep it completely cut off from world reading, writing, or executing.  If you have files that need to be accessed from the web (such as HTML files), they should not give others more than read access (chmod to 644).

Some scripts will state in their instructions to chmod everything in their directories to 777.  This would give read, write, and execute permissions to everyone in the world, posing a huge security risk.  You should avoid using such scripts or find a better way to install them without compromising security.
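An added example, not part of the original article: a POSIX shell audit that flags the cases described above (world-writable files, and files that give others more than read) under a directory you pass in. It goes slightly beyond the text by also flagging world-writable directories that lack the sticky bit; the function names and output labels are chosen here for illustration.

```shell
#!/bin/sh
# Added example: function names and CLASS labels are illustrative, not a standard tool.

# audit_perms DIR
# Prints "CLASS PATH" for every entry under DIR that is looser than the
# article advises. Symlinks are not followed; other filesystems are skipped.
audit_perms() {
    # Regular files any local user can modify (e.g. mode 666 or 777).
    find "$1" -xdev -type f -perm -0002 \
        -exec printf 'WORLD_WRITABLE_FILE %s\n' {} +

    # Directories writable by others WITHOUT the sticky bit: any user can
    # delete or replace files in them. Mode 1777 (like /tmp) is not flagged.
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'WORLD_WRITABLE_DIR %s\n' {} +

    # Files that grant others execute but not write, i.e. more than the
    # read-only access (644) suggested for web content such as HTML.
    find "$1" -xdev -type f -perm -0001 ! -perm -0002 \
        -exec printf 'OTHERS_EXECUTE_FILE %s\n' {} +
}

# strip_world_write DIR
# Removes only the "others write" bit from the world-writable entries that
# audit_perms reports; owner and group bits are left untouched.
strip_world_write() {
    find "$1" -xdev \
        \( \( -type f -perm -0002 \) -o \
           \( -type d -perm -0002 ! -perm -1000 \) \) \
        -exec chmod o-w {} +
}

# Typical use (the path is the caller's choice):
#   audit_perms /path/to/webroot
#   strip_world_write /path/to/webroot
```

Review the OTHERS_EXECUTE_FILE findings by hand: a CGI script may legitimately need that bit, while a static HTML file does not.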

Be Mindful of Who Owns a File

In most cases, the file owner has significantly higher permissions than others.  This means the file owner can usually modify the file.  If you do not trust the owner of a file to do this, you should consider making someone else the owner.

For More Complex Permissions, Use ACLs

If you find yourself struggling to fit your intended permissions scheme within the limitations of the 3-party, 3-permission Unix system, consider using access control lists (ACLs).  Most modern OSes now support them, including Linux, FreeBSD, Solaris, and Mac OS X.