World-writable permissions are the equivalent of an unlocked door. They require trust and nothing online should bear the weight of that expectation.
Why are they so bad?
World-writable permissions are also commonly referred to by their numeric (octal) equivalent of “777”, in which each digit represents the permission level for one of the three possible users:
- file owner
- group of authorized users
- everyone else (a.k.a. “the world”)
The value of each digit indicates the specific actions that particular user has permission to perform:
- 4: read
- 2: write
- 1: execute
If a user has permission to perform more than one action, the values are added together. As such, “7” indicates a user with permission to perform all actions (4 + 2 + 1 = 7) and “777” indicates this level of permission for everyone.
The absolute worst user / action combination from a security standpoint is “world” and “write”, hence the name “world-writable”.
How do I find world-writable files and folders?
This will return a list of world-writable files (if any) within the current directory. The -perm -0002 test matches any file whose world-write bit is set, so it catches modes such as 666 as well as 777:
find . -type f -perm -0002
And this will return a list of world-writable directories (if any):
find . -type d -perm -0002
To search a specific directory, replace the period with a path to the directory you want to target. If you want to search everywhere, replace the period with a slash:
# search a specific directory for world-writable files:
find /path/to/specific/directory -type f -perm -0002
# search everywhere for world-writable directories:
find / -type d -perm -0002
If you find any world-writable files or directories, be sure to change their permissions and lock that door.
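One way to do that, as an added example that is not part of the original article: the script below compares an exact-mode match (-perm 0777) with a test of the world-write bit alone (-perm -0002), then clears only that bit with chmod o-w. The function names and the sample tree it builds in a temporary directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit and repair world-writable entries under a directory.
# Function names and the sample tree are constructed for illustration.

# Print regular files and directories whose world-write bit (octal 0002) is set.
# "-perm -0002" tests that one bit, so modes 666, 757 and 777 all match.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Clear only the world-write bit; owner and group permissions stay as they are.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Count lines on stdin without the padding some wc implementations add.
count() { wc -l | tr -d ' '; }

# Build a constructed sample tree, then compare an exact 0777 match with the
# bit test, and confirm nothing is world-writable after the fix.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/uploads"
    touch "$root/config.php" "$root/notes.txt" "$root/index.php"
    chmod 777 "$root/uploads" "$root/config.php"
    chmod 666 "$root/notes.txt"      # world-writable, but not 777
    chmod 644 "$root/index.php"      # not world-writable

    exact=$(find "$root" -perm 0777 | count)
    before=$(list_world_writable "$root" | count)
    fix_world_writable "$root"
    after=$(list_world_writable "$root" | count)

    rm -rf "$root"
    echo "exact777=$exact world_writable=$before after_fix=$after"
}

demo
```

On the sample tree this prints exact777=2 world_writable=3 after_fix=0: the file at mode 666 is world-writable but is missed by the exact match.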