Dr. Mark Humphrys

School of Computing. Dublin City University.

Home
Blog
Research
Publications
Contact

Online coding site: Ancient Brain

Search:

Teaching
Project ideas
CA170
CA318
CA686

Notes on Directory protections 


    user      group      other
 [ ][ ][ ]  [ ][ ][ ]  [ ][ ][ ]

r - read (can do ls)
w - write
x - search (can access files given their name)

user bits

Note if turned off, user has power to turn them on any time.

[r][-][x] write-protect for safety
annoying?
[r][w][x] normal

group/other bits

[r][w][x] shared writable directory
can create/delete files
[r][-][x] shared read-only directory
can do ls
[-][-][x] shared read-only dir
can't do ls
can access file if know its name
can't explore without filenames

Example: "share" in my home dir.
You just need to know this dir exists.

Example: web dir
Can only browse named files. The names are in the links. The site advertises a starting point (a web page from which all other web pages can be found by following links).

[-][-][-] normal - hidden

Exercise: You getting into my "share" directory 

# take a look at the permissions:

ls -ld /users/tutors/mhumphrysdculab
# you are "other" which is "--x"

ls -ld /users/tutors/mhumphrysdculab/share
# you are "other" which is "r-x"

cd /users/tutors/mhumphrysdculab
# (works)

ls
# (fails)

cd share
# (works)

ls
# (works)

Exercise: Can you get into other student directory? 

# I am "--x" 
# In fact, all accounts (including students) are "--x"  

drwx-----x 22 mhumphrysdculab tutors   4096 Feb 11 11:53 /users/tutors/mhumphrysdculab
drwx-----x  4 SOMENAME        student  4096 Aug 21 17:00 /users/student/SOMENAME

Q. So how come you can get into my dir but not into other students' dirs?

Raw listing of files on web servers

Showing the difference between r and x.
Consider two web directories. 

drwx-----x    executabledir
drwx---r-x    readabledir
Command-line shows they both have files in them.

Raw listing is often turned off

On Apache, the behaviour of listing directory contents or not can be controlled with Options +Indexes (or Options -Indexes) in .htaccess files.
So it is often turned off.

Minimum needed for Web directories

(Web server is "other".) 
 drwx-----x
ancientbrain.com      w2mind.org      humphrysfamilytree.com

On the Internet since 1987.      New 250 G VPS server.

Note: Links on this site to user-generated content like Wikipedia are highlighted in red as possibly unreliable. My view is that such links are highly useful but flawed.