85
Linux
7y

When so called developers "fixes" things by setting 777 on directories...

Please do not call yourself a dev

Comments
  • 9
    I love to 777 😈
  • 3
    @dieterdw
    I hope you are joking, otherwhise you are making shit dangerous for you and your customers...
  • 10
    That is not a developers job, server admin should worry about those
  • 1
    @tinybyte
    Aggree.
    But why do the developers login and change them?
  • 11
    @Linux the question there should be "why do they even have permission"

    That should be devops or sysadmin chores.

    But in the other hand, if 777 is the developers solution, odds are that they are also devops AND sysop ;)
  • 1
    @sylflo @Voxera
    Well, they are our customers. I have pointed that our several times but they do not listen/care. Even if the site got hacked twice (big ecommerce site)

    I just do not care anymore. I have tried do ny part.
  • 6
    We are developers and we are retarded. That's why we do it.
  • 0
    And it's a god number. Haha i am guilty af.
  • 3
    666 is better. Get it? 😏😏😏😏
  • 1
    @Linux ok I understand :/
    One reason we only build services that run on our own hardware, customers only get to work through the webbrowser.

    Not that it prevents them from making problems but the are a bit more contained ;)
  • 0
    I guess I'm no longer a dev...
  • 0
    How about 755?
  • 0
    What if we do "chmod -R 911" ??
  • 1
    @mundo03
    Much better,
  • 1
    Wtf man, i just 777d 20 mins ago, wtf.
  • 1
    @Linux To be honest, (backend dev and server guy as well) I do this sometimes. I have had cases where some requires were not working and after a few hours of trying to chmod/chown stuff and it still not working I just 777'd it so I could at least continue developing. But, this was solely on my own machine, DEFINITELY NOT on a production server.
  • 1
    @linuxxx
    Well, you do it in a non production machine. The devs I have to deal with - do it in production.
  • 1
    @Linux To be way too honest, I've done it in production once. I did pentest myself to death until couldn't think of another way to access it when all 'trying to access' tests failed :P.
    But never again though, it's very bad security practice and I'm well aware of this.
  • 1
    You're not a dev, you're more than that... a lazy dev 😂
  • 0
    @Linux exactly, as a dev you can do it ok your own machine just to make things work, then let the devops deal with it in prod :p
  • 1
    @mundo03
    But if that is necessary, the devs is doing it wrong
  • 0
  • 0
    @soup-bowl
    Good question.
    I never deal with anything Windows related thou
  • 1
  • 0
    @soup-bowl
    Well, as long as the site cant access any folder outside its documentroot, the server should be fine.
    I think
  • 1
    You know what? There should be a function that runs

    ls -lR | tr -s " " | cut -d " " -f1,9 | egrep [-d]rwxrwxrwx

    and if there's a hit simply disable them until the proper permissions are set.

    PS: The above command recursively searches for files or directories with a 777 permission and prints them.
Add Comment