Hello, I have created droplet with wordpress 4.9.1 on ubuntu 16.04 using standard Digital Ocean one-click-app creator. After installation everything had been working properly but after a while I figured out that ufw was showing wired warning “/ is group writable!” on the top of every ufw commands output. So for example every time I executes sudo ufw status verbose
it prints something like this:
WARN: / is group writable!
Status: active
[my firewall’s rules here]
ls -ld /
shows that indeed privileges of / are drwxrwxr-x, insteed of typical 755.
Actually, I don’t have much experience on linux administration, but I have never seen that kind of setting before, so it is a little bit strange for me. On the other hand this setting comes from basic DO installation and I don’t want to break my droplet down by changing that.
So here are my questions:
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Thanks for reaching out! I created a WordPress droplet and were able to confirm this is occurring. To answer your questions:
I reached out to our Kernels and Images team to investigate this and ensure that the permissions on / are the expected defaults on future updates.
Absolutely. This should resolve the warning and as the root user you have full permissions to do so.
Probably not. I’m not a security expert (20+ year sysadmin/developer though) but I am not aware of any major issues that would result from these particular permissions. That being said, there is no reason to maintain a non-standard configuration unless you have a specific need to so I would recommend making the change just to prevent any future confusion if another error or warning like the ufw one pops up (especially if it isn’t as descriptive of the source of the issue).
Had the same issue just now on the latest Docker image. Did a
chmod 755 /
to deal with the error and now all is well:This although the DO Docker message stated 22, 80 and 443 would be opened
“ufw” has been enabled. All ports except 22 (SSH), 80 (http) and 443 (https) have been blocked by default.
and here I see 22,2375,2376 and no 80 nor 443. Doing an nmap I do see 80 open though as well as a few others: