File Permissions

bizzaro

Technical User
Jul 24, 2002
105
US
I have a directory that is owned by root:root, with permissions set as 777. There is a sub-directory in the previously mentioned directory that I only want root users to see. Given that the parent directory is set to 777, I don't know how to not allow everyone to view the subfolder. Any ideas?
 
Set the folder permission to 770?

--== Anything can go wrong. It's just a matter of how far wrong it will go till people think it's right. ==--
 
I did try setting the subfolder to 770. This allows users to still see the folder, but nothing inside of it. I am trying to not allow users to even see the subfolder.
 
Maybe some groundwork for you. The octal permission mode of 777 is not one permission setting on its own but 3. Each [7] is actually a permission sum of: (r)ead=4, (w)rite=2, e(x)ecute=1. So a 7 means 4+2+1 or r+w+x & a 5 = 4+1 = r+x. The permissions for the series of 7's are in the order of (u)ser (or owner), (g)roup, (o)thers. So, 777 means that user, group & others all have access to a folder or file, while a 770 means only the user & group have access (r+w+x) but others don't.

--== Anything can go wrong. It's just a matter of how far wrong it will go till people think it's right. ==--
 
I'm afraid you can't do that. Permissions are only there to control access to folders & files, not to hide them.

--== Anything can go wrong. It's just a matter of how far wrong it will go till people think it's right. ==--
 
I completely understand the permissions.

Root level:
Folder named "TEST" is set for root:root 777. This folder has many files and subfolders within it. I would like to create another subfolder under TEST that only root users will be able to see. I don't think I can do this since the parent directory TEST is allowing other users to read. Maybe I can hide it somehow.
 
You should be able to hide it. For example if /TEST is set to 777, then just create your subfolder, we'll call it TEST2. Then issue the command:

# chmod 700 TEST2

From scratch:

# mkdir -p /TEST/TEST2
# chmod 777 /TEST
# chown -R root:root /TEST
# cd /TEST
# chmod 700 TEST2

No other user besides the owner, which in this case is root, will be able to read the subfolder.

HTH
-bp
 
Except that with the parent folder "TEST" set 777, any user will be able to chmod/chown the TEST2 folder and indeed, any other object below it to get to whatever it is that you don't want them to.

Consider allowing read-only access to the parent folder (i.e., mode 755) and then allowing more permissive access to the child folders. If that's not granular enough, you will need to see what getfacl/setfacl can do for you.

(As a side note, leaving anything that is owned by root writable by some other user is a major source of security holes. Please don't do it.)

Cheers!
 
Is it the subfolders themselves they shouldn't see, or is it what's inside of them?
If the latter is the case, then
Code:
chmod go-rwx /path/to/folder
should stop them from cd into the folder, or reading or changing them.

 
There are a couple things you can do to hide a directory, but there are so many things that can nullify it that there really isn't much point in it. For example, you can place a dot in front of the directory name and that will make it a hidden directory, but there are a lot of ways to override this. Another way comes from the old DOS days when we would use a single unprintable character by holding down the Alt key and typing something like (Alt key + 255). I can't remember the exact number, but it would appear as a space. The problem is that listing all the directories shows that there is a directory there and all one has to do is figure out what the character is. With the advent of GUI, all you have to do is click on it. I'd suggest not putting the directory where regular users can see it.
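
Added example (not part of any post in this thread): a small shell model of the classic mode-bit checks discussed above, for a user who is neither the owner nor in the group. The function names are this example's own; it assumes no ACLs, a non-root user who does not own the subfolder, and it only does arithmetic on octal mode strings without touching any files.

```shell
#!/bin/sh
# Added example: what the mode bits of a parent directory and a subfolder
# grant to "others". Assumptions: no ACLs, the user is not root and does not
# own the subfolder. Modes are octal strings such as 777, 770 or 1777.

# bit_set MODE MASK -> succeeds when any bit of octal MASK is set in MODE
bit_set() { [ $(( 0$1 & 0$2 )) -ne 0 ]; }

# yn CMD ARGS... -> prints "yes" if the command succeeds, otherwise "no"
yn() { if "$@"; then echo yes; else echo no; fi; }

# Entering the subfolder needs search (x=1) on the parent and on the subfolder.
can_enter() { bit_set "$1" 1 && bit_set "$2" 1; }

# Listing its contents needs search on the parent and read (r=4) on the subfolder.
can_list() { bit_set "$1" 1 && bit_set "$2" 4; }

# Renaming the entry inside the parent needs write (w=2) and search on the
# PARENT only; the sticky bit (1000) limits this to the entry's owner.
can_rename() { bit_set "$1" 2 && bit_set "$1" 1 && ! bit_set "$1" 1000; }

# others_view PARENT_MODE CHILD_MODE
# The subfolder's name is visible whenever the PARENT is readable (r=4);
# the subfolder's own mode has no effect on that.
others_view() {
    printf 'name_visible=%s can_enter=%s can_list=%s entry_renamable=%s\n' \
        "$(yn bit_set "$1" 4)" "$(yn can_enter "$1" "$2")" \
        "$(yn can_list "$1" "$2")" "$(yn can_rename "$1")"
}

# Constructed cases: the thread's 777/770 and 777/700 setups, the suggested
# 755 parent, a sticky 1777 parent, and a search-only 711 parent.
for pair in "777 770" "777 700" "755 700" "1777 700" "711 700"; do
    set -- $pair
    printf 'parent=%-4s child=%s -> ' "$1" "$2"
    others_view "$1" "$2"
done
```

A 711 parent is the only case here where the name is not listed, and it stops other users from listing every entry in the parent, not just the one subfolder.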

 