Notes on Directory protections


    user      group      other
 [ ][ ][ ]  [ ][ ][ ]  [ ][ ][ ]

r - read (can do ls)
w - write
x - search (can access files given their name)

user bits

Note if turned off, user has power to turn them on any time.

[r][-][x] write-protect for safety
annoying?

[r][w][x] normal

group/other bits

`[r][w][x]`	shared writable directory can create/delete files
`[r][-][x]`	shared read-only directory can do ls
`[-][-][x]`	shared read-only dir can't do ls can access file if know its name can't explore without filenames Example: "share" in my home dir. You just need to know this dir exists. Example: web dir Can only browse named files. The names are in the links. The site advertises a starting point (a web page from which all other web pages can be found by following links).
`[-][-][-]`	normal - hidden

Exercise

ls -ld /users/tutors/mhumphrysdculab
(note "--x")

ls -ld /users/tutors/mhumphrysdculab/share
(note "r-x")

cd /users/tutors/mhumphrysdculab

ls
(fails)

cd share
(works)

ls
(works)

Raw listing of files on web servers

Showing the difference between r and x.
Consider two web directories.

drwx-----x    executabledir
drwx---r-x    readabledir

Command-line shows they both have files in them.

http://path/executabledir/
index.html does not exist
so it just returns error
http://path/readabledir/
index.html does not exist, but dir is readable
so what it used to do is return a raw listing of files

Raw listing is often turned off

On Apache, the behaviour of listing directory contents or not can be controlled with Options +Indexes (or Options -Indexes) in .htaccess files.
So it is often turned off.

Minimum needed for Web directories

(Web server is "other".)

 drwx-----x

`[r][-][x]`	write-protect for safety annoying?
`[r][w][x]`	normal