Why is the root directory in a DO wordpress droplet group writable?

April 2, 2018 160 views
WordPress System Tools Ubuntu 16.04

Hello, I have created droplet with wordpress 4.9.1 on ubuntu 16.04 using standard Digital Ocean one-click-app creator. After installation everything had been working properly but after a while I figured out that ufw was showing wired warning “/ is group writable!” on the top of every ufw commands output. So for example every time I executes sudo ufw status verbose it prints something like this:

WARN: / is group writable!
Status: active
[my firewall’s rules here]

ls -ld / shows that indeed privileges of / are drwxrwxr-x, insteed of typical 755.

Actually, I don’t have much experience on linux administration, but I have never seen that kind of setting before, so it is a little bit strange for me. On the other hand this setting comes from basic DO installation and I don’t want to break my droplet down by changing that.
So here are my questions:

  1. I’m curious about Why is this setting like it is?
  2. Should/May I change privileges, or do something else which will satisfy this warning?
  3. Should I worry about it?
1 Answer
ryanpq MOD April 3, 2018
Accepted Answer

Thanks for reaching out! I created a WordPress droplet and were able to confirm this is occurring. To answer your questions:

  1. I reached out to our Kernels and Images team to investigate this and ensure that the permissions on / are the expected defaults on future updates.

  2. Absolutely. This should resolve the warning and as the root user you have full permissions to do so.

  3. Probably not. I'm not a security expert (20+ year sysadmin/developer though) but I am not aware of any major issues that would result from these particular permissions. That being said, there is no reason to maintain a non-standard configuration unless you have a specific need to so I would recommend making the change just to prevent any future confusion if another error or warning like the ufw one pops up (especially if it isn't as descriptive of the source of the issue).

  • Thanks for your comprehensive reply. I have changed "/" privileges and everything seems ok now.

Have another answer? Share your knowledge.