Excessive permissions are granted when creating a directory. This issue is raised when permission greater than
0755 is given, or permissions argument is not specified when creating a directory using
mkdir() function. By default,
mkdir() function gives universal access(
0777) to created folders.
The permission number can be a 3 or 4-digit numeric, where the first digit states permissions for the file owner, the second digit is for the file group, and the last digit states the permission all other users. Each write, read, and execute permissions have the following number value:
r(read) = 4
w(write) = 2
x(execute) = 1
So as an example, to give full permission to file owner and read permission to the group and all other users, use
0744 while creating a directory.
In general, all security rules follow the principle of least privilege, except when the directory being created needs to be accessed by anyone other than the user creating it. It is recommended to give limited set of permissions.
// Bad practice mkdir('/path/to/dir', 0777); // Recommended mkdir('/path/to/dir', 0755);