Home » Questions » Computers [ Ask a new question ]

Security issue on Linux with Netbeans

Security issue on Linux with Netbeans

In order to edit some files in Netbeans, I had to do a chmod 777 on the parent-folder. Reason being that anything else would result in Netbeans not wanting to accept the folder, as it could not be written.

Asked by: Guest | Views: 64
Total answers/comments: 1
Guest [Entry]

"There are 2 issues here, chmod and chown. Netbeans is running as you and the files hopefully are owned by you. If the files are owned by someone else, then they can chown the file. Here is how to change the ownership:

sudo chown your_account:your_account -R my_project

After the ownership has fixed then this is a very conservative chmod:

chmod 760 -R my_project

The first number is the owner, you own the file and 7 is read write execute. The middle number is the one that will govern group access rights, after the chown the group probably contains just you, but you could add another account to the group.

If the file is 666'ed, which is read write for everyone and lets say its written in a scripting language like python, then you can still execute it like this: python my_script.py . However a chmod 666 WILL NOT let you execute it like this: ./my_script.py. Seems like splitting hairs, but in the first command python is the executable and it is reading my_script (so it needs read access), in the 2nd case my_script.py is being executed.

The main threat that chmod and chown defend against is protecting your files from other accounts on the system. You probably are the only user on this system. However, when a hacker breaks in via a daemon process (like bind or postfix) then they will have the user privileges of that account. You don't want that hacker to be able to write executable code in your netbeans project that then could be executed by you. As long as the last block doesn't have a write bit then you shouldn't have to worry about this attack. This is why its common to see chmod 775 although chmod 770 would be more secure. Other daemons like Apache can still read and execute your NetBeans project with a chmod 775 and this might be important if its a PHP project being executed by Apache."