Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Any way to protect a folder's permissions from changing??

Posted on 2006-11-07
9
Medium Priority
?
281 Views
Last Modified: 2011-10-03
There is a folder where everything in it should be 777... EXCEPT for one folder. How do I protect that folder's permission from any admin from accidently changing the permissions for that folder to 777?? I can forsee this because most of the time they just do a chmod -R 777 to the whole folder, but I want to protect the sub folder from changing. Pls help. Thanks in advance for all the help.
0
Comment
Question by:bemara57
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 38

Accepted Solution

by:
yuzh earned 500 total points
ID: 17894875
if your adm has the kown the root password, you need to tell them not to do it, or
write a procedure to tell them not to do.

But you can stop a someone know the root password to make change in your system.

It is better to cahnge the root password, setup sudo for the adms to run the command they needed.

more details about sudo:
http://www.sudo.ws/sudo/
0
 
LVL 21

Assisted Solution

by:tfewster
tfewster earned 500 total points
ID: 17896113
Write a shell script to set the permissions correctly, and tell all the admins to use that rather than resetting the permissions manually; Put the intsructions in /etc/motd (or equivalent) so they see it every time they log in. And/or run the script regularly from cron - Every minute if needed.

Under what circumstances does the top level folder "lose" its permissions? Could you monitor that condition from a script and take action accordingly?
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17896124
Why do you think you need perms of 777 on a directory structure?  It is very, very rare that you need those types of permissions.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 43

Assisted Solution

by:ravenpl
ravenpl earned 500 total points
ID: 17896261
> but I want to protect the sub folder from changing.
Is it totally read-only? No files may be added/modified/removed? OR it's acceptable, that additional mean has to be taken before modifying any content of that folder? If so
chattr +i /path/to/foilder
to release the immutable flag
chattr -i /path/to/foilder
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17896263
Just noticed it's Unix TA - but if Your Unix has the chattr, it will do.
0
 
LVL 6

Assisted Solution

by:JJSmith
JJSmith earned 500 total points
ID: 17942695

Bottom line is you can't stop root doing anything!!

If you want to protect a directory that needs to be a sub-directory in a tree that gets chmod'ed; then you could try this.

example:

tree is /dir1/dir2/dir3/dir4/dir5

code navigates path, so full path needs to remain. dir5 needs to be protected.

1) move dir5 and parent to elsewhere

    mv /dir1/dir2/dir3/dir4   /some_where_else

So now you have
/dir/dir2/dir3
and
/some_where_else/dir5

2) symbolically link the original path with some_where_else.

    ln -s  /some_where_else  /dir1/dir2/dir2/dir4

now you can navigate a path of /dir1/dir2/dir3/dir4/dir5, but when the admin does chmod -R /dir1 the command will get to the symbolic link (dir4) follow it to /some_where_else chmod that directory and then return up. So dir5 should be left alone.

I can't try this just now - but if I remember right a recursive chmod will stop have followed the symbolic link to the directory it points to.

Cheers
JJ


Cheers
JJ
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question