Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Any way to protect a folder's permissions from changing??

Posted on 2006-11-07
9
Medium Priority
?
282 Views
Last Modified: 2011-10-03
There is a folder where everything in it should be 777... EXCEPT for one folder. How do I protect that folder's permission from any admin from accidently changing the permissions for that folder to 777?? I can forsee this because most of the time they just do a chmod -R 777 to the whole folder, but I want to protect the sub folder from changing. Pls help. Thanks in advance for all the help.
0
Comment
Question by:bemara57
9 Comments
 
LVL 38

Accepted Solution

by:
yuzh earned 500 total points
ID: 17894875
if your adm has the kown the root password, you need to tell them not to do it, or
write a procedure to tell them not to do.

But you can stop a someone know the root password to make change in your system.

It is better to cahnge the root password, setup sudo for the adms to run the command they needed.

more details about sudo:
http://www.sudo.ws/sudo/
0
 
LVL 21

Assisted Solution

by:tfewster
tfewster earned 500 total points
ID: 17896113
Write a shell script to set the permissions correctly, and tell all the admins to use that rather than resetting the permissions manually; Put the intsructions in /etc/motd (or equivalent) so they see it every time they log in. And/or run the script regularly from cron - Every minute if needed.

Under what circumstances does the top level folder "lose" its permissions? Could you monitor that condition from a script and take action accordingly?
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17896124
Why do you think you need perms of 777 on a directory structure?  It is very, very rare that you need those types of permissions.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 43

Assisted Solution

by:ravenpl
ravenpl earned 500 total points
ID: 17896261
> but I want to protect the sub folder from changing.
Is it totally read-only? No files may be added/modified/removed? OR it's acceptable, that additional mean has to be taken before modifying any content of that folder? If so
chattr +i /path/to/foilder
to release the immutable flag
chattr -i /path/to/foilder
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17896263
Just noticed it's Unix TA - but if Your Unix has the chattr, it will do.
0
 
LVL 6

Assisted Solution

by:JJSmith
JJSmith earned 500 total points
ID: 17942695

Bottom line is you can't stop root doing anything!!

If you want to protect a directory that needs to be a sub-directory in a tree that gets chmod'ed; then you could try this.

example:

tree is /dir1/dir2/dir3/dir4/dir5

code navigates path, so full path needs to remain. dir5 needs to be protected.

1) move dir5 and parent to elsewhere

    mv /dir1/dir2/dir3/dir4   /some_where_else

So now you have
/dir/dir2/dir3
and
/some_where_else/dir5

2) symbolically link the original path with some_where_else.

    ln -s  /some_where_else  /dir1/dir2/dir2/dir4

now you can navigate a path of /dir1/dir2/dir3/dir4/dir5, but when the admin does chmod -R /dir1 the command will get to the symbolic link (dir4) follow it to /some_where_else chmod that directory and then return up. So dir5 should be left alone.

I can't try this just now - but if I remember right a recursive chmod will stop have followed the symbolic link to the directory it points to.

Cheers
JJ


Cheers
JJ
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machineā€¦
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consolā€¦
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question