[Gllug] Is this right? (Permissions question)

Iain Gray iain.dv at googlemail.com
Fri Dec 29 20:25:50 UTC 2006


To read (and therefore cd into) a directory it must have the execute
permission set for the user.

However, a user can still read a file in that dir provided they had
read perms on it, just not list it in an ls.

If you want someone not to be able to change the perms then you could
restrict their shell by a jail (always best for a webby user if you
are actually letting them have a login) then you could make sure they
could not do a chmod. Also it would stop them possibly doing something
more sneaky with a sub-shell or scripting the execute.

Make sure that their umask is set to something like 022 so any files
by default are created as 644 then you are away.

Iain

On 29/12/06, Adrian McMenamin <adrian at newgolddream.dyndns.info> wrote:
> Sorry for the moronic question (assuming it is) - but I have just
> discovered this behaviour and want to check I am right...
>
> I created (as root) an images directory in my Drupal hierarchy
>
> It was created as 755 but as I wanted users to be able to write files to
> it but not to do anything naughty like upload a file that pretended to
> be an image and then execute it I changed it to 766 but then found I
> could not actually cd to it - is that right?
>
> Presumably the safe way to do this is to change ownership to www-data
> and make it 700?
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
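
The directory-bit and umask rules discussed in this thread, as an added example that is not part of the original messages. It models the classic owner/group/other check for a non-root caller (no ACLs or capabilities) and creates a real temporary file to show the umask result; the uid/gid 33 for www-data and the file name are assumptions.

```python
import os
import stat
import tempfile

def dir_access(mode, owner_uid, owner_gid, uid, gids):
    """Simplified model of the classic Unix check for a non-root caller
    (no ACLs, no capabilities): pick ONE class, then read its rwx bits."""
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    r, w, x = bool(bits & 4), bool(bits & 2), bool(bits & 1)
    return {
        "list_names": r,              # ls can read the entry names
        "cd_or_open_inside": x,       # search bit: cd, and reaching any file in it
        "create_or_delete": w and x,  # write is useless without search
    }

def default_file_mode(umask):
    """Create a real file the way most programs do (requested mode 0666)
    and return the permission bits left after the umask is applied."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "upload.png")  # hypothetical file name
            os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o666))
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)

if __name__ == "__main__":
    # Constructed ids: root (0) owns the directory, caller is uid/gid 33.
    for mode in (0o755, 0o766, 0o711, 0o700):
        print(oct(mode), dir_access(mode, 0, 0, uid=33, gids={33}))
    print("umask 022 ->", oct(default_file_mode(0o022)))
```

For 766 the model reports that names can be listed but the directory cannot be entered or written to, which matches the failed cd in the question; 711 gives the opposite case from the reply, where a file can be opened by name but not listed.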