We set up file permissions in a hurry:
- chmod 777 (it just works)
- chmod 666 (for testing)
- No SUID audit (it's just one binary)
- Open temp files (gotta ship)
We hear warnings but keep driving.
DO:
curl -L https://github.com/nickciolpan/permcheck/releases/latest/download/permcheck-linux-amd64 -o permcheck
chmod +x permcheck
sudo mv permcheck /usr/local/bin/
Catches:
- World-writable files
- SUID/SGID binaries
- Insecure temp files
- Overly permissive directories
Real output:
╔══════════════════════════════════════════════════════════════════╗
║ 🔒 SECURITY SCAN INITIATED ║
╚══════════════════════════════════════════════════════════════════╝
🌍 WORLD-WRITABLE FILES (2 found):
⚠️ /home/user/project/config.txt (0666)
💡 World-writable means ANY user can modify this file!
💡 Consider: chmod 644 /home/user/project/config.txt
Setup (30 seconds)
Add to CI:
- name: Security Scan
  run: permcheck scan
30 seconds to install. Catches stupid mistakes before production.
Best Practices
- Executables: 755 (rwxr-xr-x)
- Configuration: 644 (rw-r--r--)
- Sensitive data: 600 (rw-------)
- Directories: 755 (rwxr-xr-x)

Never use:
- 777 (rwxrwxrwx)
- 666 (rw-rw-rw-)
- Any world-writable permissions
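The checks in the "Catches" list can also be reproduced by hand with find(1), which is useful for confirming a finding or scanning a host where nothing can be installed. The script below is an added example, not permcheck's code or output; the function names, the demo tree, and the rule that a world-writable directory is acceptable only with the sticky bit set are assumptions of this example.

```shell
#!/bin/sh
# Added example: manual equivalents of three checks from the list above.
# All names here are illustrative; the demo tree is constructed sample data.

# Regular files any user can modify (the 0666 / 0777 cases).
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null
}

# Files that run with their owner's (SUID, 4000) or group's (SGID, 2000) rights.
suid_sgid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# World-writable directories WITHOUT the sticky bit (1000): any user can
# delete or replace other users' files there. /tmp-style 1777 is not flagged.
unsafe_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Build a constructed demo tree: three findings, four clean entries.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/tmp" "$d/bin"
    : > "$d/config.txt"; chmod 666  "$d/config.txt"   # finding: world-writable
    : > "$d/app.conf";   chmod 644  "$d/app.conf"     # ok
    : > "$d/secret.key"; chmod 600  "$d/secret.key"   # ok
    : > "$d/bin/helper"; chmod 4755 "$d/bin/helper"   # finding: SUID
    chmod 755  "$d/bin"                               # ok
    chmod 777  "$d/shared"                            # finding: no sticky bit
    chmod 1777 "$d/tmp"                               # ok: sticky bit set
    printf '%s\n' "$d"
}

# Print one line per finding, with the fix suggested by the list above.
report() {
    world_writable_files "$1" | sed 's/^/world-writable file: /; s/$/  (chmod 644)/'
    suid_sgid_files "$1"      | sed 's/^/SUID\/SGID file: /;     s/$/  (audit, or chmod u-s,g-s)/'
    unsafe_dirs "$1"          | sed 's/^/unsafe directory: /;    s/$/  (chmod 755, or add sticky bit)/'
}

# Demo run against the constructed tree.
demo=$(make_demo_tree) && report "$demo"
rm -rf "$demo"
```

The `-xdev` flag keeps each scan on one filesystem, so pointing it at `/` does not wander into `/proc` or network mounts.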
GitHub: https://github.com/nickciolpan/permcheck
What's your worst file permission mistake?