What are the world writable directories by default

directory-structure, permissions, security

In a standard Linux filesystem, which of these common directories are world-writable by default?

 /tmp
 /etc
 /var
 /proc
 /bin
 /boot
 /....
 ....

Why are they world-writable? Does that pose a security risk?

Best Answer

The only FHS-mandated directories that are commonly world-writable are /tmp and /var/tmp. In both cases, that's because they are intended for storing temporary files that may be made by anyone.

Also common is /dev/shm, as a tmpfs (filesystem backed by RAM), for fast access to mid-sized data shared between processes, or just creating files that are guaranteed to be destroyed on reboot.

There may also be a /var/mail or /var/spool/mail, and sometimes other spooler directories. Those are used to hold mail temporarily before it's processed. They aren't always world-writable, depending on the tools in use. When they are, it's because files can be created there by user tools for processing by daemons.

All of these directories usually have the sticky bit (t) set, meaning that only the owner of a file or of the directory can move or delete the files in it.

Any program running as any user can make files in these directories, and it's up to the creating program to do the right thing as far as security for its particular data goes. There's no particular general security problem other than someone potentially filling up the filesystem, but plenty of scope for a program to get it wrong.

There have been some moves towards service-specific /tmp directories. These avoid some of the potential bugs that can come up, so it's not as vital for the program to be bug-free in how it uses the directory.

You can find the world-writable directories on your system with:

find / -maxdepth 3 -type d -perm -777
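As an added example, not code from the question or the answer above: a small POSIX shell audit that lists world-writable directories and flags the ones missing the sticky bit the answer describes. It assumes a find(1) that understands -maxdepth, -perm -002 and -perm -1000 (GNU, BSD and busybox find all do); the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not code from the original post. Audits world-writable
# directories and flags those without the sticky bit: in such a directory
# any user can delete or rename files belonging to other users.
# Assumes find(1) supports -maxdepth, -perm -002 (others may write) and
# -perm -1000 (sticky bit).

# List every world-writable directory under $1 (default /), at most $2
# levels deep (default 3). Unlike -perm -777, -perm -002 also matches
# directories such as mode 0733 whose owner/group bits are not all set.
list_world_writable_dirs() {
    find "${1:-/}" -maxdepth "${2:-3}" -type d -perm -002 2>/dev/null
}

# Same, but only directories that lack the sticky bit: the ones to review
# first, since /tmp-style directories are expected to be mode 1777.
list_unsticky_world_writable_dirs() {
    find "${1:-/}" -maxdepth "${2:-3}" -type d -perm -002 ! -perm -1000 2>/dev/null
}

# Return 0 if every world-writable directory under $1 has the sticky bit,
# otherwise print "ls -ld" for each offender (so the mode is visible) and
# return 1. Remediation for a genuine temp-style directory is "chmod +t".
check_sticky_bits() {
    offenders=$(list_unsticky_world_writable_dirs "$1" "${2:-3}")
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders" | while IFS= read -r d; do ls -ld "$d"; done
    return 1
}

# Usage: source this file, then run e.g.  check_sticky_bits / 3
```

Sourcing the file only defines the functions; `check_sticky_bits / 3` then reports any world-writable directory in the top three levels that is missing the sticky bit.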