Solved

Any way to protect a folder's permissions from changing??

Posted on 2006-11-07
9
275 Views
Last Modified: 2011-10-03
There is a folder where everything in it should be 777... EXCEPT for one folder. How do I protect that folder's permission from any admin from accidently changing the permissions for that folder to 777?? I can forsee this because most of the time they just do a chmod -R 777 to the whole folder, but I want to protect the sub folder from changing. Pls help. Thanks in advance for all the help.
0
Comment
Question by:bemara57
9 Comments
 
LVL 38

Accepted Solution

by:
yuzh earned 125 total points
ID: 17894875
if your adm has the kown the root password, you need to tell them not to do it, or
write a procedure to tell them not to do.

But you can stop a someone know the root password to make change in your system.

It is better to cahnge the root password, setup sudo for the adms to run the command they needed.

more details about sudo:
http://www.sudo.ws/sudo/
0
 
LVL 20

Assisted Solution

by:tfewster
tfewster earned 125 total points
ID: 17896113
Write a shell script to set the permissions correctly, and tell all the admins to use that rather than resetting the permissions manually; Put the intsructions in /etc/motd (or equivalent) so they see it every time they log in. And/or run the script regularly from cron - Every minute if needed.

Under what circumstances does the top level folder "lose" its permissions? Could you monitor that condition from a script and take action accordingly?
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17896124
Why do you think you need perms of 777 on a directory structure?  It is very, very rare that you need those types of permissions.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 43

Assisted Solution

by:ravenpl
ravenpl earned 125 total points
ID: 17896261
> but I want to protect the sub folder from changing.
Is it totally read-only? No files may be added/modified/removed? OR it's acceptable, that additional mean has to be taken before modifying any content of that folder? If so
chattr +i /path/to/foilder
to release the immutable flag
chattr -i /path/to/foilder
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17896263
Just noticed it's Unix TA - but if Your Unix has the chattr, it will do.
0
 
LVL 6

Assisted Solution

by:JJSmith
JJSmith earned 125 total points
ID: 17942695

Bottom line is you can't stop root doing anything!!

If you want to protect a directory that needs to be a sub-directory in a tree that gets chmod'ed; then you could try this.

example:

tree is /dir1/dir2/dir3/dir4/dir5

code navigates path, so full path needs to remain. dir5 needs to be protected.

1) move dir5 and parent to elsewhere

    mv /dir1/dir2/dir3/dir4   /some_where_else

So now you have
/dir/dir2/dir3
and
/some_where_else/dir5

2) symbolically link the original path with some_where_else.

    ln -s  /some_where_else  /dir1/dir2/dir2/dir4

now you can navigate a path of /dir1/dir2/dir3/dir4/dir5, but when the admin does chmod -R /dir1 the command will get to the symbolic link (dir4) follow it to /some_where_else chmod that directory and then return up. So dir5 should be left alone.

I can't try this just now - but if I remember right a recursive chmod will stop have followed the symbolic link to the directory it points to.

Cheers
JJ


Cheers
JJ
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Shell script errors 10 113
why my ssh-ldap-helper and ssh-ladp-wrapper files are missing on a new AWS instance? 24 254
aix tls version 6 212
Problem logging tar errors 11 54
Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now