Re: [cobalt-users] How do you turn off directory browsing

["Brian Curtis" <admin@xxxxxxxxxxx>]

> > Zeffie schrieb:
> >
> > > chmod 774 dirname
> OR  (The same but different)
> > > chmod -x dirname
> >
> > if you give it 774 (owner rwx, group rwx, others r--), why do you do
> > "-x" thereafter ? wouldn`t it be the same as "664" ?
> yes
> >
> > doesn`t a directory have to be executable to move into ?
> >
>
> Sorry about that...  move into?  Hans I don't understand the question?
>
> Zeffie


You want to make the permission on a dir 751 (drwxr-x--x).  This will
usually allow scripts and whatnot w/o special permissions (ie. run as root
or admin) to go into the necessary directories to perform their actions, but
general users will be unable to do a ls on any dir not within their UID or
GID.

For example, we use the stats program Wusage.  We have created a regular
user/group wusage, and chown'd the directory ~user/.wusage to wusage.wusage.
If you su wusage, you can enter any ~user directory, but cannot list the
files.  However, if you go into the ~user/.wusage directory, you have all
the permissions needed (r,w,x) to update the statistics files as user
wusage.

This works great for us to keep shell users from poking around most of the
system and 'robot' scripts to perform their jobs.  However, note that we
have not tried this on Cobalt hardware, only 'white' Linux boxen.  Also, if
a shell user is fairly knowledgeable with Linux, this will only slow them
down a bit, if at all.

You really should take a piece of Cobalt hardware for what it was designed
for; Raqs = a multi-user hosting appliance.  Therefore your users should
know they are responsible for their own security:  Don't store highly
sensitive info in a multi-user environment.

HTH

--
BC