Hello!

Inquiry: Is there a way to prevent hosting server users (Linux-based) from assigning 777 permissions to directories and files? Perhaps by setting a maximum of 755?

After experiencing it twice on my hosting server, where users would download compromised scripts and assign 777 rights to files and directories due to malfunction issues, eventually leading to spamming and blacklisting of IP addresses, I am seeking ways to secure the server from such vulnerabilities.

I am curious, what's the use of hosting if I can't upload php files or run scripts on the saps by granting 777 permissions- which is usually required for these actions?

If the above isn't possible, there are some alternatives such as securing the file system with noexec or lowering the umask for all users (like umask 000) while disabling chmod execution for everyone except the administrator. This could help prevent users from creating vulnerabilities on the server by granting the highest permission levels.

Ubuntu users' rights are critical factors to differentiate various commands execution in multi-user systems. It's crucial to define commands appropriately for both administrators and inexperienced users, to avoid potential harm to the system.

One common approach is to use the "sudo" command to grant ordinary users administrator rights while avoiding root user involvement. By default, new users do not possess the sudo rights, and they need to be added to the sudo group via "usermod -a -G sudo <username>".

After adding the user to the sudo group, he/she will be granted administrator privileges in a Linux system, with access to all files in the /dev directory.

On the other hand, some commands' prohibition might be necessary in multi-user systems. Users may be prohibited from adjusting files or directory permissions, restarting the server, calling programs, among others. In this case, certain commands can be prohibited from everyone except the root user by running "sudo chmod o-x $(which <command>)".

To restrict a particular user from executing a command, it's possible to set up a new group (group2), add all users except that user (user1) to the new group, switch the owner group of the command to the new group, and then prohibit everyone except the group and owner from executing the file.

One way to prevent users from assigning 777 permissions to directories and files on a Linux-based hosting server is to enforce a maximum of 755 permissions through various security measures.

First and foremost, it's crucial to educate your server users about the potential risks associated with assigning 777 permissions. Providing clear guidelines and best practices for file and directory permissions can help prevent accidental misuse and reduce the likelihood of security breaches.

Furthermore, implementing strict file system access controls and utilizing tools such as Access Control Lists (ACLs) can help restrict users from assigning excessively permissive permissions. By setting up appropriate ACLs, you can define and enforce more granular access rules for specific files and directories, thus mitigating the risk of unauthorized permission changes.

In addition, regularly auditing and monitoring file and directory permissions can help detect and prevent any unauthorized changes. Utilizing automated tools and scripts to scan for and identify anomalies in permissions can provide early warnings of potential security breaches, allowing for timely intervention to rectify and secure affected areas.

Moreover, consider implementing stringent file system quotas to limit the amount of disk space and files that each user can consume. By imposing strict quotas, you can mitigate the impact of any potential security breaches caused by users assigning excessive permissions to numerous files and directories.

Lastly, continuous monitoring and proactive security measures, such as intrusion detection systems and regular security updates, are essential in maintaining a secure hosting environment. Staying vigilant and promptly addressing any security concerns can help safeguard your server from potential vulnerabilities and unauthorized permission changes.

By combining education, access control mechanisms, monitoring, and proactive security measures, you can significantly reduce the likelihood of users assigning 777 permissions, thus enhancing the overall security posture of your hosting server.