Looking for Clarity on a Phrase

Apologies if this isn’t the right place to post this, as it doesn’t pertain directly to the exercise. On this page, it explains that sudo is necessary for chown because "…we could set the permissions of a malicious program to 777, change the ownership to root, and run it with our user." I get the ‘777’ part, which implies that you’re giving free rein to a malicious file, but what is the importance of changing the ownership in this example?

3 Likes

Changing ownership of the file permission depends on your collaborators who need either write, read, or execute access to the file.

If we are not the file owner, we will get a Permission denied error. Only root can change this for all files. This is why we have to use sudo when editing the permissions of files that are not ours. There are two commands to do so: chown for users and groups, and chgrp for groups only.

Each file has rights for three different categories:

  • User - the owner of the file,
  • Group - the group associated with the file, and
  • Other - everybody else.

Each number has meaning in permission. Do not give full permission. Full permission is number 7 or 111 in binary.

N   Description                      ls   binary    
0   No permissions at all            ---  000
1   Only execute                     --x  001
2   Only write                       -w-  010
3   Write and execute                -wx  011
4   Only read                        r--  100
5   Read and execute                 r-x  101
6   Read and write                   rw-  110
7   Read, write, and execute         rwx  111

By changing the file permission to 777:

  • User has read, write, and execute permission.
  • Group has read, write, and execute permission.
  • Others have read, write, and execute permission.

Everyone has write permission. Write permission is a dangerous permission to give. Anyone can modify your file, insert malicious code, and change the behaviour of file execution. This is not the intended outcome. To prevent anyone from re-writing the file, remove write permission for Group and Other.

Ideally, give 755 permission for security reasons by removing write permission for everyone except the user owner of the file.

  • First Number 7 - Read, write, and execute for the user.
  • Second Number 5 - Read and execute for the group.
  • Third Number 5 - Read and execute for others.
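
The octal table and the 777-versus-755 advice from the answer above, as an added shell example that is not part of the original thread. It decodes a three-digit mode into its `ls` string, detects the write bit for Group or Other, and removes it from a constructed temporary file; all function names are hypothetical, and it assumes plain three-digit modes with no setuid/setgid/sticky digit.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes plain three-digit modes (no setuid/setgid/sticky digit).

# One octal digit (0-7) -> rwx triplet, matching the table above.
digit_to_rwx() {
    _r=-; _w=-; _x=-
    [ $(( $1 & 4 )) -ne 0 ] && _r=r
    [ $(( $1 & 2 )) -ne 0 ] && _w=w
    [ $(( $1 & 1 )) -ne 0 ] && _x=x
    printf '%s%s%s' "$_r" "$_w" "$_x"
}

# Three-digit mode such as 755 -> rwxr-xr-x (user, group, other).
mode_to_rwx() {
    case $1 in [0-7][0-7][0-7]) ;; *) echo "invalid mode: $1" >&2; return 2 ;; esac
    _rest=${1#?}
    digit_to_rwx "${1%??}"; digit_to_rwx "${_rest%?}"; digit_to_rwx "${1#??}"
}

# Exit status 0 when Group or Other holds the write bit (value 2).
writable_by_non_owner() {
    case $1 in [0-7][0-7][0-7]) ;; *) return 2 ;; esac
    _rest=${1#?}
    [ $(( (${_rest%?} | ${1#??}) & 2 )) -ne 0 ]
}

# Read a file's permission bits (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Remove write for Group and Other if present; print "before after".
tighten() {
    _before=$(file_mode "$1")
    if writable_by_non_owner "$_before"; then chmod go-w "$1"; fi
    printf '%s %s\n' "$_before" "$(file_mode "$1")"
}

# Demo on a constructed temporary file: starts at 777, ends at 755.
demo() {
    _f=$(mktemp) || return 1
    chmod 777 "$_f"
    tighten "$_f"
    rm -f "$_f"
}
demo
```
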