In Unix-like OS's, what's the point of giving the owner of a file anything less than 7 (rwx) for file permissions? The owner can trivially change the owner permissions for his/her files, and so can a cracker if the acct. is compromised. Setting the owner permission to anything other than 7 seems to just get in the way w/o producing any actual security improvements.
SnapOverflow
It is to protect the user from making a mistake.
If the file is important and should not be modified you give read only. Then if the user needs to change it they will have to make a conscious choice to go and chmod 777 the file and then do the action.
Also not letting things be executable helps. If you are writting a script and have several older version in a sub directory. Turning off the ability to be executable will stop you from running the wrong script.
But the owner can always go back and change the file permissions to what they need when they need it.
Not everything should be executable by default... for instance, scripts you're editing should be invoked by
[interpreter] [script.file], in case it has a bug you can't accidentally set it off.Also, some files shouldn't be deleted or changed. So if you set 0400, the user will have to override the perms. Of course most users just blow by "Are you sure?" type questions, but that's another issue.
I commonly use
chmod go=,u=rwXwhich sets 0600 on all files and 0700 on all directories (and files which had 'x' before). Then make any necessary changes (like the public_html directory or whatever).[important] file/dir that you dont want to accidentally rm -rf.
[important] = config / backup / private encryption key, etc etc.