- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
ID: go-security/mkdir-permissions
Language: Go
Severity: Warning
Category: Security
CWE: 284
In Unix-based systems like Linux or macOS, and therefore within the Go programming language’s OS package, permissions are set using a three-digit code, with each digit ranging from 0-7. Each digit represents the permissions for the owner, group, and others respectively.
The call err := os.Mkdir("/tmp/mydir", 0777)
would hence set the directory permissions to “777”, giving read, write, and execute permissions to everyone: the file owner, the group, and all others.
Using “777” permissions is generally considered bad practice for maintaining secure systems. The problem is that it gives full permission—including read, write, and execute powers—to every user on the system. This can create potential security risks. For instance, any user, even those without proper authority, could make unauthorized changes to the files or directories. Moreover, allowing executable permissions can be dangerous as malicious scripts may be executed.
As an alternative, it’s recommended to grant the minimum needed permissions. For instance, use “755” to give the owner full permissions and read and execute permissions for the group and other users. If group write access is necessary, then “775” could be considered. In some cases, it might also be beneficial to use Access Control Lists (ACLs) for more granular control over permissions.
Therefore, it is advised to set permissions carefully, considering the principle of least privilege. Always think carefully about who needs what kind of access to ensure both the functionality and security of your applications.
package main
import (
"fmt"
"os"
)
func main() {
err := os.Mkdir("/path/to/new/directory", 0777)
if err != nil {
return
}
}
package main
import (
"fmt"
"os"
)
func main() {
err := os.Mkdir("/path/to/new/directory", 0770)
if err != nil {
return
}
}