Solved

Any way to protect a folder's permissions from changing??

Posted on 2006-11-07
9
277 Views
Last Modified: 2011-10-03
There is a folder where everything in it should be 777... EXCEPT for one folder. How do I protect that folder's permission from any admin from accidently changing the permissions for that folder to 777?? I can forsee this because most of the time they just do a chmod -R 777 to the whole folder, but I want to protect the sub folder from changing. Pls help. Thanks in advance for all the help.
0
Comment
Question by:bemara57
9 Comments
 
LVL 38

Accepted Solution

by:
yuzh earned 125 total points
ID: 17894875
if your adm has the kown the root password, you need to tell them not to do it, or
write a procedure to tell them not to do.

But you can stop a someone know the root password to make change in your system.

It is better to cahnge the root password, setup sudo for the adms to run the command they needed.

more details about sudo:
http://www.sudo.ws/sudo/
0
 
LVL 20

Assisted Solution

by:tfewster
tfewster earned 125 total points
ID: 17896113
Write a shell script to set the permissions correctly, and tell all the admins to use that rather than resetting the permissions manually; Put the intsructions in /etc/motd (or equivalent) so they see it every time they log in. And/or run the script regularly from cron - Every minute if needed.

Under what circumstances does the top level folder "lose" its permissions? Could you monitor that condition from a script and take action accordingly?
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17896124
Why do you think you need perms of 777 on a directory structure?  It is very, very rare that you need those types of permissions.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 43

Assisted Solution

by:ravenpl
ravenpl earned 125 total points
ID: 17896261
> but I want to protect the sub folder from changing.
Is it totally read-only? No files may be added/modified/removed? OR it's acceptable, that additional mean has to be taken before modifying any content of that folder? If so
chattr +i /path/to/foilder
to release the immutable flag
chattr -i /path/to/foilder
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17896263
Just noticed it's Unix TA - but if Your Unix has the chattr, it will do.
0
 
LVL 6

Assisted Solution

by:JJSmith
JJSmith earned 125 total points
ID: 17942695

Bottom line is you can't stop root doing anything!!

If you want to protect a directory that needs to be a sub-directory in a tree that gets chmod'ed; then you could try this.

example:

tree is /dir1/dir2/dir3/dir4/dir5

code navigates path, so full path needs to remain. dir5 needs to be protected.

1) move dir5 and parent to elsewhere

    mv /dir1/dir2/dir3/dir4   /some_where_else

So now you have
/dir/dir2/dir3
and
/some_where_else/dir5

2) symbolically link the original path with some_where_else.

    ln -s  /some_where_else  /dir1/dir2/dir2/dir4

now you can navigate a path of /dir1/dir2/dir3/dir4/dir5, but when the admin does chmod -R /dir1 the command will get to the symbolic link (dir4) follow it to /some_where_else chmod that directory and then return up. So dir5 should be left alone.

I can't try this just now - but if I remember right a recursive chmod will stop have followed the symbolic link to the directory it points to.

Cheers
JJ


Cheers
JJ
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question