On Mon, Nov 17, 2014 at 2:31 PM, Pascal de Bruijn <pmjdebruijn@xxxxxxxxx> wrote: > On Mon, Nov 17, 2014 at 1:54 PM, Graeme Gill <graeme@xxxxxxxxxxxxx> wrote: > >> Pascal de Bruijn wrote: >> >> Hi, >> >> > I was surprised to see 711 there, as 755 is the standard mode for >> > executables just about everywhere, as far as I know. >> >> There doesn't seem to be any uniformity. > > > I've never seen anything but 755 anywhere (for regular binaries). So as > far as I can tell 755 is pretty standard. > > >> Jam traditionally has 711, >> and other info I've come across has: >> >> chmod 700 command executable script of binary (private) >> chmod 755 command public script (cgi perl script) >> chmod 711 command public binary (compiled code) >> >> while others use 755. >> >> I guess I don't understand why one should be the default over the other. >> What problems are caused by using 711 ? >> > > No clue, I guess it's just considered weird, and they changed it for > consistency reasons. > For open source and distribution, 755 is a lot better: you can do ldd, nm and gdb in such command (but not on 711 programs), which help debugging and to see missing libraries (/ lib versions) 711 maybe it offer more protection on proprietary commands, because you cannot see the internal. [but I'm not sure if there is a workaround.], which in open source is unneeded: the distribution file (tar) and the sources give that information already. IIRC historically a dynamic linked program needed 755 (loader is loaded and executed as (and before) the proper program. Maybe on some BSD is still so. cate