Security issue on Linux with Netbeans

1

In order to edit some files in Netbeans, I had to do a chmod 777 on the parent-folder. Reason being that anything else would result in Netbeans not wanting to accept the folder, as it could not be written.

Is there an other way to do this besides doing a chmod 777?

I'm on Ubuntu 9.10, using Netbeans 6.7.1

And after that, I manually have to give each file the needed rights. There should be an easier way, I just don't know it.

EDIT: I am running XAMPP and the files I'm trying to edit are in the htdocs folder.
I'm running Netbeans as my local user account, which is how it starts if I have it run from the applications-menu.

KdgDev

Posted 2010-01-30T14:41:34.393

Reputation: 4 708

Which user owns the files and directories you are trying to edit? Which user are you running Netbeans as? – Phil Ross – 2010-01-30T14:45:46.203

It is easier to provide help if you provide more details.

I know that some folks think they need to change the protections of the GF app server installation.

What directory are you chmod-ing? – None – 2010-01-30T14:49:21.087

all the extra info I could think of. – KdgDev – 2010-01-30T15:37:38.437

Answers

0

There are 2 issues here, chmod and chown. Netbeans is running as you and the files hopefully are owned by you. If the files are owned by someone else, then they can chown the file. Here is how to change the ownership: 

sudo chown your_account:your_account -R my_project

After the ownership has fixed then this is a very conservative chmod:

chmod 760 -R my_project

The first number is the owner, you own the file and 7 is read write execute. The middle number is the one that will govern group access rights, after the chown the group probably contains just you, but you could add another account to the group.

If the file is 666'ed, which is read write for everyone and lets say its written in a scripting language like python, then you can still execute it like this: python my_script.py . However a chmod 666 WILL NOT let you execute it like this: ./my_script.py. Seems like splitting hairs, but in the first command python is the executable and it is reading my_script (so it needs read access), in the 2nd case my_script.py is being executed.

The main threat that chmod and chown defend against is protecting your files from other accounts on the system. You probably are the only user on this system. However, when a hacker breaks in via a daemon process (like bind or postfix) then they will have the user privileges of that account. You don't want that hacker to be able to write executable code in your netbeans project that then could be executed by you. As long as the last block doesn't have a write bit then you shouldn't have to worry about this attack. This is why its common to see chmod 775 although chmod 770 would be more secure. Other daemons like Apache can still read and execute your NetBeans project with a chmod 775 and this might be important if its a PHP project being executed by Apache.

Rook

Posted 2010-01-30T14:41:34.393

Reputation: 319

+1 for the answer overall, but you're incorrect about one thing: The first number is not for root (root is almighty, doesn't need permission). First number is for chown, second is for chgrp, third is for other. So 760 = owner can do everything, group can read/write, and anybody else has no rights. – Michael Moussa – 2010-01-30T17:52:40.997

Other mike, you are correct sir. I have edited it, thank you. – None – 2010-01-30T18:10:54.050

Asked: 2010-01-30T14:41:34.393

Viewed: 352 times

Active: 2010-10-03T22:53:05.833