---
title: Avoid world-writable file permissions
description: Datadog, the leading service for cloud-scale monitoring.
---

# Avoid world-writable file permissions

## Metadata{% #metadata %}

**ID:** `rust-security/file-world-writable-permissions`

**Language:** Rust

**Severity:** Warning

**Category:** Security

**CWE**: [732](https://cwe.mitre.org/data/definitions/732.html)

**Related CWEs**:

- [276](https://cwe.mitre.org/data/definitions/276.html)
- [281](https://cwe.mitre.org/data/definitions/281.html)
- [766](https://cwe.mitre.org/data/definitions/766.html)

## Description{% #description %}

Setting a file's "other" write permission bit (modes like `0o777`, `0o666`, `0o776`, `0o002`) lets any local user on the system overwrite the file. This enables privilege escalation if the file is executable, data injection if it is read by privileged processes, and tampering with secrets, config, or audit logs. Prefer `0o644` for regular files and `0o755` for executables.

#### Learn More{% #learn-more %}

- [CWE-732: Incorrect Permission Assignment for Critical Resource](https://cwe.mitre.org/data/definitions/732.html)

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```rust
use std::fs::Permissions;
use std::os::unix::fs::PermissionsExt;

fn invalid() -> std::io::Result<()> {
    // World-writable — classic mistakes
    let _ = Permissions::from_mode(0o777);
    let _ = Permissions::from_mode(0o666);

    // Method form
    let mut p = Permissions::from_mode(0o600);
    p.set_mode(0o777);
    p.set_mode(0o666);

    // Other world-writable triplets
    let _ = Permissions::from_mode(0o776);    // last digit 6 — rw for others
    let _ = Permissions::from_mode(0o002);    // last digit 2 — write only
    let _ = Permissions::from_mode(0o773);    // last digit 3 — wx for others

    // 4-digit (with sticky/setuid) — still world-writable
    let _ = Permissions::from_mode(0o7777);

    // Via the trait name
    let _ = PermissionsExt::from_mode(0o777);

    // Fully qualified
    let _ = std::os::unix::fs::PermissionsExt::from_mode(0o666);

    // Underscore separators
    let _ = Permissions::from_mode(0o7_7_7);

    Ok(())
}
```

## Compliant Code Examples{% #compliant-code-examples %}

```rust
use std::fs::Permissions;
use std::os::unix::fs::PermissionsExt;

fn valid() -> std::io::Result<()> {
    // Restrictive modes — no world write
    let _ = Permissions::from_mode(0o644);            // owner rw, group/other r
    let _ = Permissions::from_mode(0o755);            // typical executable
    let _ = Permissions::from_mode(0o600);            // owner-only rw
    let _ = Permissions::from_mode(0o770);            // group-writable but NOT world
    let _ = Permissions::from_mode(0o640);            // last digit 0 — fine

    // Method form, restrictive mode
    let mut p = Permissions::from_mode(0o644);
    p.set_mode(0o755);

    // Non-literal mode — can't tell statically, don't flag
    let mode: u32 = std::env::var("MODE").unwrap().parse().unwrap();
    p.set_mode(mode);

    // Unrelated method named set_mode on another type, called with a restrictive mode
    struct Widget;
    impl Widget {
        fn set_mode(&self, _: u32) {}
    }
    let w = Widget;
    w.set_mode(0o644);

    Ok(())
}
```
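
The rule does not flag non-literal modes, so a mode that arrives at runtime (like the `MODE` variable in the compliant example) needs its own check. The following is an added example, not part of Datadog's rule or documentation: it rejects world-writable modes parsed from untrusted input and applies the mode at file creation. The helper names `parse_safe_mode` and `create_with_mode` are hypothetical, and the sample inputs are constructed.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// True when the "other" write bit (0o002) is set.
fn is_world_writable(mode: u32) -> bool {
    mode & 0o002 != 0
}

/// Parse an octal mode string (e.g. "644" or "0o644") from untrusted input
/// and refuse world-writable values before they reach set_mode()/mode().
fn parse_safe_mode(s: &str) -> Result<u32, String> {
    let digits = s.strip_prefix("0o").unwrap_or(s);
    let mode = u32::from_str_radix(digits, 8)
        .map_err(|e| format!("invalid octal mode {s:?}: {e}"))?;
    if mode > 0o7777 {
        return Err(format!("mode {mode:o} is out of range"));
    }
    if is_world_writable(mode) {
        return Err(format!("mode {mode:o} is world-writable"));
    }
    Ok(mode)
}

/// Create a new file with the mode applied at creation time (no window with
/// looser permissions) and return the permission bits actually on disk.
fn create_with_mode(path: &Path, mode: u32, data: &[u8]) -> io::Result<u32> {
    let mut f = OpenOptions::new()
        .write(true)
        .create_new(true) // fail rather than inherit an existing file's mode
        .mode(mode) // the process umask may clear bits, never add them
        .open(path)?;
    f.write_all(data)?;
    Ok(fs::metadata(path)?.permissions().mode() & 0o7777)
}

fn main() -> io::Result<()> {
    // Constructed sample inputs standing in for a MODE environment variable.
    for s in ["644", "0o600", "666", "1777", "abc"] {
        println!("{s:>6} -> {:?}", parse_safe_mode(s));
    }
    let path = std::env::temp_dir().join(format!("mode-demo-{}", std::process::id()));
    let on_disk = create_with_mode(&path, parse_safe_mode("640").unwrap(), b"demo\n")?;
    println!("created with {on_disk:o}, world-writable: {}", is_world_writable(on_disk));
    fs::remove_file(&path)
}
```
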