Optimal File Permissions for /etc/init.d/ Scripts: Security Best Practices and chmod Usage



Init scripts in /etc/init.d/ require careful permission settings to balance functionality and security. These scripts are executed by root during system startup/shutdown and may be invoked by regular users through service management commands.

The ideal permissions for init scripts are:


# Recommended permissions:
chmod 755 /etc/init.d/scriptname

This breaks down to:

  • Owner (root): read (4) + write (2) + execute (1) = 7
  • Group: read (4) + execute (1) = 5
  • Others: read (4) + execute (1) = 5

More restrictive permissions (e.g., 700) might seem secure but can break service management tools. Less restrictive settings (e.g., 777) let any local user modify a script that root executes at startup and shutdown. The 755 permission:

  • Prevents unauthorized modifications (only root can write)
  • Allows necessary execution by all users
  • Maintains readability for debugging

To set permissions recursively for all init scripts:


find /etc/init.d/ -type f -exec chmod 755 {} \;

For a specific script with ownership correction:


chown root:root /etc/init.d/myservice
chmod 755 /etc/init.d/myservice

Check current permissions with:


ls -l /etc/init.d/
stat -c "%a %n" /etc/init.d/*

Common issues include:

  • Missing execute bit (service won't start)
  • World-writable permissions (security risk)
  • Incorrect ownership (script may not run properly, and a non-root owner can modify or chmod a script that root executes)
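
A check for the three issues above across a whole directory, as an added example that is not part of the original page. The function name audit_initd, its output format and the optional expected-UID argument are assumptions made for illustration, and it relies on GNU stat (the same stat -c form used above).

```shell
#!/bin/sh
# Added example: audit init scripts against the root-owned 755 baseline.
# Usage: audit_initd [DIR] [EXPECTED_UID]
# Prints "<issue> <octal-mode> <owner-uid> <path>" per finding; returns 1 if any.
audit_initd() {
    dir=${1:-/etc/init.d}
    want_uid=${2:-0}   # assumption: overridable so the check can be exercised unprivileged
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue                        # skip directories and an unmatched glob
        info=$(stat -L -c '%a %u' "$f") || continue    # -L: audit the target of a symlink
        mode=${info% *}
        uid=${info#* }
        # An owner other than root can rewrite or chmod the script.
        [ "$uid" = "$want_uid" ] || { echo "owner $mode $uid $f"; rc=1; }
        # 022 = group-write | other-write: anyone beyond the owner can modify it.
        [ $(( 0$mode & 022 )) -eq 0 ] || { echo "writable $mode $uid $f"; rc=1; }
        # 0100 = owner execute: without it the service will not start.
        [ $(( 0$mode & 0100 )) -ne 0 ] || { echo "noexec $mode $uid $f"; rc=1; }
    done
    return $rc
}
```

Calling audit_initd with no arguments checks /etc/init.d against root ownership; the non-zero return makes it usable in a cron job or configuration-management check.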

For environments requiring granular control, POSIX ACLs can grant access to a single user (here read and execute for deployer):


setfacl -m u:deployer:r-x /etc/init.d/webservice
getfacl /etc/init.d/webservice

In Linux systems, init scripts located in /etc/init.d/ require specific permissions to balance functionality with security. These scripts must be executable by the root user while preventing unauthorized modifications.

The 755 permission scheme ensures:

  1. Only root can modify the scripts (write permission)
  2. All users can execute the scripts (needed for service management)
  3. Access control stays with root: group and others can read and execute but not write

To set permissions for a single script:

sudo chmod 755 /etc/init.d/nginx

For batch permission changes:

sudo find /etc/init.d/ -type f -exec chmod 755 {} \;

Check current permissions:

ls -l /etc/init.d/

Sample output:

-rwxr-xr-x 1 root root 1820 Jan 15  2020 apache2
-rwxr-xr-x 1 root root 3532 Feb 20  2021 nginx

If you encounter permission issues, check your sudo privileges and any ACLs set on the script:

sudo -l
getfacl /etc/init.d/scriptname

For enhanced security in strict environments:

chmod 750 /etc/init.d/scriptname
chown root:servicegroup /etc/init.d/scriptname

This restricts reading and execution to root and members of the named service group (servicegroup here); all other users have no access.