If it’s all my system should I really care about chown and chmod? Is the point that automatic processes with user names like www-data have to make edits, and need permission to do so, and that’s it?
In addition to corsicanguppy’s comment, some — often important — programs actually expect the system to be secured in a particular way and will refuse to function if things don’t look right.
Now, you’d be right to expect that closing down permissions too tightly could break a system, but people have actually broken their systems by setting permissions too openly on the wrong things as well.
That said, for general, everyday use, those commands don’t need to be used much, and there might even be a way to do what they do from your chosen GUI. Even so, it nice to know they’re there and what they do for those rare occasions when they might be needed.
One of the tenets of security is that a user or process should have only enough access to do what it needs, and then no more. So your web server, your user account, to your mail server, should have exactly what they need, and usually that’s been intricately planned by the distro.
If you subvert it you could be writing files as root that www-data now can’t read or write. This kind of error is sometimes obvious and sometimes very subtle.
Especially if you’re new to this different access model, tread carefully.
Great news! If you need it up, many distros are really great at allowing you cm to compare permissions and reset them. The bad news is that maybe you’re not on one of those. But you could be okay.
If it’s all my system should I really care about chown and chmod? Is the point that automatic processes with user names like www-data have to make edits, and need permission to do so, and that’s it?
Newish Linux user btw
In addition to corsicanguppy’s comment, some — often important — programs actually expect the system to be secured in a particular way and will refuse to function if things don’t look right.
Now, you’d be right to expect that closing down permissions too tightly could break a system, but people have actually broken their systems by setting permissions too openly on the wrong things as well.
That said, for general, everyday use, those commands don’t need to be used much, and there might even be a way to do what they do from your chosen GUI. Even so, it nice to know they’re there and what they do for those rare occasions when they might be needed.
Short answer: yes.
One of the tenets of security is that a user or process should have only enough access to do what it needs, and then no more. So your web server, your user account, to your mail server, should have exactly what they need, and usually that’s been intricately planned by the distro.
If you subvert it you could be writing files as root that www-data now can’t read or write. This kind of error is sometimes obvious and sometimes very subtle.
Especially if you’re new to this different access model, tread carefully.
Great news! If you need it up, many distros are really great at allowing you cm to compare permissions and reset them. The bad news is that maybe you’re not on one of those. But you could be okay.
Thanks for the explanation!