By totomasz
Hello, I have created droplet with wordpress 4.9.1 on ubuntu 16.04 using standard Digital Ocean one-click-app creator. After installation everything had been working properly but after a while I figured out that ufw was showing wired warning “/ is group writable!” on the top of every ufw commands output. So for example every time I executes sudo ufw status verbose it prints something like this:
WARN: / is group writable!
Status: active
[my firewall’s rules here]
ls -ld / shows that indeed privileges of / are drwxrwxr-x, insteed of typical 755.
Actually, I don’t have much experience on linux administration, but I have never seen that kind of setting before, so it is a little bit strange for me. On the other hand this setting comes from basic DO installation and I don’t want to break my droplet down by changing that.
So here are my questions:
- I’m curious about Why is this setting like it is?
- Should/May I change privileges, or do something else which will satisfy this warning?
- Should I worry about it?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Accepted Answer
Thanks for reaching out! I created a WordPress droplet and were able to confirm this is occurring. To answer your questions:
-
I reached out to our Kernels and Images team to investigate this and ensure that the permissions on / are the expected defaults on future updates.
-
Absolutely. This should resolve the warning and as the root user you have full permissions to do so.
-
Probably not. I’m not a security expert (20+ year sysadmin/developer though) but I am not aware of any major issues that would result from these particular permissions. That being said, there is no reason to maintain a non-standard configuration unless you have a specific need to so I would recommend making the change just to prevent any future confusion if another error or warning like the ufw one pops up (especially if it isn’t as descriptive of the source of the issue).
Had the same issue just now on the latest Docker image. Did a chmod 755 / to deal with the error and now all is well:
ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip
To Action From
-- ------ ----
22 LIMIT IN Anywhere
2375/tcp ALLOW IN Anywhere
2376/tcp ALLOW IN Anywhere
22 (v6) LIMIT IN Anywhere (v6)
2375/tcp (v6) ALLOW IN Anywhere (v6)
2376/tcp (v6) ALLOW IN Anywhere (v6)
This although the DO Docker message stated 22, 80 and 443 would be opened
“ufw” has been enabled. All ports except 22 (SSH), 80 (http) and 443 (https) have been blocked by default.
and here I see 22,2375,2376 and no 80 nor 443. Doing an nmap I do see 80 open though as well as a few others:
Nmap scan report for xxx.xxx.xx.xxx
Host is up (0.13s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp closed https
1025/tcp open NFS-or-IIS
2222/tcp closed EtherNetIP-1
3306/tcp open mysql
8085/tcp closed unknown
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.