ken021600

rwx setting

Hi Experts,

just got 2 simple questions to ask:

1) if i set a directory to be drw-r--r-- i'll get "403 forbidden" error. but if i set it to be "drw-r--r-x" i'll be able to view its contents. why is that? coz it's counter-intuitive to me. my understanding is: r stands for read, so i should be able to read the directory's contents.

2) there's a file "abc.tar.gz" that has been set "-rw-r-----". but i found out that i'm still able to click on it and download it. by setting "-rw-r-----" i tried to let people know a file called "abc.tar.gz" exists but not downloadable. so how can i let people know this file exists but disallow them from downloading?

Thanks,
KEN
ahoffmann

1) "403 forbidden" is from within your browser, right?
  The webserver changes (cd) to the directory to read the files. Without the x-bit set it cannot cd, but read.

2) chmod 000 abc.tar.gz
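
The rule behind both answers, as an added example that is not part of the original thread: the kernel applies exactly one rwx triple to a caller (owner, else group, else other), a directory needs x to be traversed and r to be listed, and a file needs r to be opened. The uid/gid numbers, the `htdocs` and `files` directory names and the helper names are constructed for illustration; root's permission bypass is not modelled.

```python
R, W, X = 4, 2, 1  # permission bits inside one rwx triple

def triple(mode, owner, group, uid, gids):
    """Pick the single rwx triple the kernel applies to this caller:
    owner if the uid matches, else group, else other (no fall-through)."""
    if uid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_serve(dirs, target, uid, gids):
    """dirs: [(name, mode, owner, group), ...] from the top directory down
    to the file's parent; target: the file, same tuple shape.
    Opening a file needs x (search) on every directory and r on the file."""
    for name, mode, owner, group in dirs:
        if not triple(mode, owner, group, uid, gids) & X:
            return False, f"cannot traverse {name} (x bit missing)"
    name, mode, owner, group = target
    if not triple(mode, owner, group, uid, gids) & R:
        return False, f"cannot read {name} (r bit missing)"
    return True, "ok"

def can_list(dirs, uid, gids):
    """Listing names needs r on the last directory and x on its parents."""
    *parents, (name, mode, owner, group) = dirs
    for pname, pmode, powner, pgroup in parents:
        if not triple(pmode, powner, pgroup, uid, gids) & X:
            return False
    return bool(triple(mode, owner, group, uid, gids) & R)

# Constructed sample: file owner uid 1000 / gid 100, web server uid 99 / gid 99.
KEN, USERS, WWW = 1000, 100, 99
DOCROOT = ("htdocs", 0o755, KEN, USERS)

def demo(dir_mode, file_mode, server_gids=(WWW,)):
    """Can the web server account fetch files/abc.tar.gz with these modes?"""
    d = ("files", dir_mode, KEN, USERS)
    f = ("abc.tar.gz", file_mode, KEN, USERS)
    return can_serve([DOCROOT, d], f, WWW, set(server_gids))

if __name__ == "__main__":
    for dm, fm in [(0o644, 0o644), (0o645, 0o644), (0o755, 0o640),
                   (0o755, 0o700), (0o755, 0o704)]:
        print(f"dir {dm:o} file {fm:o} ->", demo(dm, fm))
```

Passing `server_gids=(USERS,)` to `demo` models a server account that belongs to the file's group, which is the case where mode 640 is still readable by the server.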
ken021600 (ASKER)

hi nice to see you again!

regarding my second question, i found out that it will work if i set its mode to "chmod 700 abc.tar.gz". but the file will become downloadable if i set either "701" or "704"!

so could you tell me why both "704" and "701" could make the file downloadable?

and one more quick question: under windows we can use "putty" to do secure telnetting, so what should i use under Linux? i mean what's putty's counterpart for Linux?

Thanks,
KEN
hi there,

i've got some more to ask and i've increased my points.

1) i've put a flash file (xyz.exe) on my site and i've set its mode to be 755. but when i click on it, a small window pops up asking me to download it. so how can i set it so that when people click on that file, the flash will run automatically?

2) (this question has something to do with question 1) it is said that it's bad to give people "w" and "x" permissions. but i've tried to set xyz.exe to be 777 and when i click on this file, i always get that popup windows asking me the path to download this file. i can't see where the dangers are------how people can possibly modify contents or even delete it from my website?

Thanks,
KEN

ken,

sorry to interrupt.

#1. I think it has to be done at the client side (browser config).  What you need to do is to configure the Helper program to "Run" the application, instead of "Asking" what to do.  If I recall, if you are using IE, then if you click some unknown (or new) file type, you will get a pop-up box, which you can either save, or Open the apps using certain application.

#2. I think it more of understanding on how Unix file permission works.  To my knowledge, the 3 bits - owner,group,others.  rwx 4+2+1.  So for each file (or dirs), access are depending on the attributes assigned to the file.  Remember that a file can be owned by anybody on the system, and when the webserver is running it will be running as some userid (Apache for example will run as Apache, but some system it will be running nobody).  With this notion, Apache process by default.

Back to your question, it will be straight forward if somebody can access your server with Apache id (telnet,ftp, rsh, etc. etc), and modify the content.  Or they could manipulate the CGI code to do such.  It's not going straight-forward, but it is possible.
Thanks samri,

i've tried both clicking left button and clicking right button. none of the options in the popup menu lets me run this exe program rather than saving it to my hard disk...so i'm waiting for your further help.

as to the security concerns of setting 777, i'll give it a try and see if i'll be able to have a look at someone else's mode setting......i'm currently running Linux, and i don't know what putty's counterpart for Linux is, so i'll have to reboot to Windows and use putty to do it. it may take a while before i can get the answer, so please bear with me for a while.

and i'm waiting for feedback to the question i asked after ahoffmann answered my initial 2 questions.

Thanks for your help,
KEN
Ken,

Setting up the helper apps would depend on what browser you are running.  For Netscape 4.78 for example, you need to go to "Edit | Preferences | Navigator | Applications".  From there, you can select the Application to modify the existing one, or create, or delete. For IE, .. heck, I have no idea.  I think it depends on Windows Explorer File Types setting.

yeah.  given the experience he (ahoffmann's) has, I would be waiting for more "firm" answer myself.  In fact, I am cutting the conversation -- just feels like adding something :)

good luck.
Hi samri,

yes i found out it's dangerous to set modes like 777, coz they usually put all users under a directory and everyone is able to have a look at how other people set their files' modes.

but anyway, if you do nasty things to someone else's file you still could be traced... can a system administrator trace someone who logged in as an anonymous ftp user??

regarding your suggestion to configure netscape, could you be more specific? i'm running Netscape 6. edit-->preferences-->navigator-->helper applications. from there i clicked "new type" and a window pops up, asking me to input:
1) description of type
2) file extension
3) MIME type
4) application to use

i punched in "program" for the first one, "exe" for the second one BUT i don't know what i should fill in to "MIME type" and "application to use". any advice?

as to IE configuration, i have to wait for someone else's help as i have no idea either. :(

Thanks,
KEN
ken,

yes, if the logging is enabled.  On most systems, check the file xferlog in /var/adm, or /var/log.  However, I think if anonymous ftp will be configured in chroot environment where access are restricted to certain configured directory tree, and it is quite safe.  But still having 777 permission would be a big NO.

Netscape 6... Hmm.... tried it, damn slow, revert back to 4.78.

Try to look for similar entries.  Another way; I think the first time the browser see a new file-type, the pop-up box will appear, and you will have an option of either to save it, or use certain apps to open the file.  I think this setting will be used should the same file-type (extension) is found.

1) description of type - Just use any description, short and precise.  "Text File" for example
2) file extension - The extension, "TXT", without the dot (.), and you could add a few, JPG JPEG
3) MIME type - The file mime type.  I think it wont bother much.  Try to look for example.
4) application to use - The external apps that you want to use to open the filetype.  This is what will be spawned when you clicked on the specified file.


Be careful on assigning Apps to executable file type.  EXE BAT COM, VBS, etc.  are dangerous.  By assigning it to be "automatically" executed, somebody could create an EXE file to "DELTREE C:\" would sure create some havoc if the browser automatically executed them.

I think for IE, it is configured via Windows Explorer | File Type association.  

What you can test is to create some type, maybe .TEST, and make it text/plain for MIME type, and use NOTEPAD.EXE to open the file.  This should get you started.

You could get some listing on mime types in apache config dir.  The file would be mime.types.

and again , be careful in assigning apps to EXE COM BAT SCR, VBS, -- any executable.  Unless you are sure what is happening.

cheers.
ASKER CERTIFIED SOLUTION
ahoffmann

This solution is only available to members.

Hi,
sorry been busy, so haven't gotten the time...

well, it seems i've got what i want and it's the time to finalize this post.

just one more quick question:
i downloaded ssh package and had a read about installation. it is said that i need "zlib" and "ssl" installed first. i had a search and found these two little things. BUT the ssl installed on my linux is a bit old and OPENSSH's installation instruction did mention that old ssl version would cause something(sorry can't remember its name) to not work properly. so it seems to me that i have to install a newer version of ssl. then when i tried to remove ssl through a package management tool(rpmpackage?), i got a warning saying that if i remove ssl, some other packages will be moved as well---which was a long list.

so, will it be possible to upgrade my ssl without hurting anything? how can i do it?

KEN
all these package manager suck, unfortunately :-((

It's possible to replace openssl without removing other, dependent packages.
Just get the sources and compile yourself, or install the binary files (mainly libraries) manually.

BTW, ssh can be used without zlib and openssl, you just miss the compress and some cryptographic functionality.
well...

i was told by a guy who is sort of a computer guru that it is VERY important to do package management, otherwise you'll leave your whole system a mess.

and i didn't quite catch what you meant. are you saying we don't need package management, or we do need package management but many package management tools are no good? if the latter, please give me an idea which package management tools are worth trying.

Thanks,
KEN
It's not up to me to comment your "guru"'s opinion ;-)
If you're not familiar with UNIX/Linux systems administration, then package managers are the way you should do it (doesn't matter which one, most common is rpm).
If you're used to admin Linux, know where all the files go, and should go, know how to install your compiled software, even that you got as source package, then you're most likely lost with any package manager.

IMHO they are useless, cause they only know about packages installed by themselves. They store this information, according with the package dependencies, in a proprietary database. If you install something without, or with another package manager, the database is out of sync with reality. That's the culprit.
Another dragon to beat with them is what you described: package manager claim to know things better than admins, sometimes, somehow, ...

Again, if you're not used to administration in detail, use package managers 'cause that make things simple and stable for you. But then you have to live with its restrictions too.

So, this is all off-topic to the question here. Can we please return to the focus of this question.
K. i'll finalize this question now. but i think maybe i should give samri some points too, coz he gave me some useful comments too.

so how can i split the points?
KEN
well, the grading goes to the most helpful answer, not a person :-)
Or ask support @ EE to split the points, if more than one comment helped you.
sorry guys, just came back from emergencies. :(

Pkg manager.  Good if you prefer to go by the book.  Manual installation of pkg should work, or even copying binaries of similar platform should be working too.

the Pts part.  I *sadly* had to agree with ahoffmann on that, since when you clicked on "Accept comment as Answer", that will be the focus when the Question becomes PAQ.

Personally, I would believe that pts (here in EE) should be a token of appreciation, on how the members had contributed.

It's not a big deal anyway.  Personally, getting one problem solved is part of "learning" process too (to me).  And it's great to know that the comments do make life easier to some people.

cheers.
Hi ahoffmann and samri,

i've sent a mail to EE inquiring how to split points and haven't gotten any feedback. Once i get the reply i'll do the splitting and finalize this question. OK?

Thanks again,
KEN
ken,

I think it will be much faster if you post a 0-pts question in Community Support (https://www.experts-exchange.com/commspt/), and ask for assistance.  Just describe what needs to be done, and the Moderator should be able to assist.  Don't forget to mention the Question # (https://www.experts-exchange.com/questions/20304527/rwx-setting.html)  (copy-paste the link should be OK).

cheers.
I have reduced the points for the split.  Now you can accept an expert's comment as an answer.  After that, make another 50 question for the other expert in this topic area.

Computer101
E-E Moderator
Thanks a lot and see you next time!

KEN