Solved

Any way to protect a folder's permissions from changing??

Posted on 2006-11-07
9
274 Views
Last Modified: 2011-10-03
There is a folder where everything in it should be 777... EXCEPT for one folder. How do I protect that folder's permission from any admin from accidently changing the permissions for that folder to 777?? I can forsee this because most of the time they just do a chmod -R 777 to the whole folder, but I want to protect the sub folder from changing. Pls help. Thanks in advance for all the help.
0
Comment
Question by:bemara57
9 Comments
 
LVL 38

Accepted Solution

by:
yuzh earned 125 total points
ID: 17894875
if your adm has the kown the root password, you need to tell them not to do it, or
write a procedure to tell them not to do.

But you can stop a someone know the root password to make change in your system.

It is better to cahnge the root password, setup sudo for the adms to run the command they needed.

more details about sudo:
http://www.sudo.ws/sudo/
0
 
LVL 20

Assisted Solution

by:tfewster
tfewster earned 125 total points
ID: 17896113
Write a shell script to set the permissions correctly, and tell all the admins to use that rather than resetting the permissions manually; Put the intsructions in /etc/motd (or equivalent) so they see it every time they log in. And/or run the script regularly from cron - Every minute if needed.

Under what circumstances does the top level folder "lose" its permissions? Could you monitor that condition from a script and take action accordingly?
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17896124
Why do you think you need perms of 777 on a directory structure?  It is very, very rare that you need those types of permissions.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 43

Assisted Solution

by:ravenpl
ravenpl earned 125 total points
ID: 17896261
> but I want to protect the sub folder from changing.
Is it totally read-only? No files may be added/modified/removed? OR it's acceptable, that additional mean has to be taken before modifying any content of that folder? If so
chattr +i /path/to/foilder
to release the immutable flag
chattr -i /path/to/foilder
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17896263
Just noticed it's Unix TA - but if Your Unix has the chattr, it will do.
0
 
LVL 6

Assisted Solution

by:JJSmith
JJSmith earned 125 total points
ID: 17942695

Bottom line is you can't stop root doing anything!!

If you want to protect a directory that needs to be a sub-directory in a tree that gets chmod'ed; then you could try this.

example:

tree is /dir1/dir2/dir3/dir4/dir5

code navigates path, so full path needs to remain. dir5 needs to be protected.

1) move dir5 and parent to elsewhere

    mv /dir1/dir2/dir3/dir4   /some_where_else

So now you have
/dir/dir2/dir3
and
/some_where_else/dir5

2) symbolically link the original path with some_where_else.

    ln -s  /some_where_else  /dir1/dir2/dir2/dir4

now you can navigate a path of /dir1/dir2/dir3/dir4/dir5, but when the admin does chmod -R /dir1 the command will get to the symbolic link (dir4) follow it to /some_where_else chmod that directory and then return up. So dir5 should be left alone.

I can't try this just now - but if I remember right a recursive chmod will stop have followed the symbolic link to the directory it points to.

Cheers
JJ


Cheers
JJ
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (http://www.experts-exchange.com/articles/OS/Unix/Solaris/Installing-the-Solaris-OS-From-the-Flash-Archive-on-a-Tape.html), discussed installing the Solaris Operating S…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now