Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


chmod and chgrp on user  linux account

Posted on 2014-08-29
Medium Priority
Last Modified: 2014-08-30
Dear Experts,

Now I would like to open my VPS site to visitor. Before doing that, I need to
set all my directories and files to be read only (including download file from visitors).
And I know if don't put any index.html or inde.php at the directories, it will
show  the directories content such as file tress on browser. How to not to read the file trees by visitor.

Is there any existing linux script doing for ALL  change the read mode with my user group for all
file and directories  and its sub-directoried
under my VPS user account directory when visitors visit my site and the script  meets the requirement mentioned above ?  SO I need to take use
chgrp besides chmod command in the script.

For uploading file from visitors, do I need to set write and read for the uploading directory
in my server, how  ?

Please advise

Question by:rwniceing

Accepted Solution

Wilder_Admin earned 700 total points
ID: 40292260
the easiest way when you do not have a security concept is to login by ftp on your server to set the permissions and to test. you can use www2ftp.de for example.

The security concept is user group anyone means the first number is the permission for users the second for the group and the last for every one normally you should set 750. So you can still have full access the group normally the apache group has only read execute and anonymous 0

You can read how to do: http://serverfault.com/questions/357108/what-permissions-should-my-website-files-folders-have-on-a-linux-webserver
LVL 31

Assisted Solution

serialband earned 800 total points
ID: 40292532
If I'm reading correctly, I believe you just need to use the -R option to chgrp and chmod to change it for all subdirectories.

Change the group to your home folder and everything under.
chgrp -R My_Group ~

Remove write permissions from the group and other in your home folder and everything under
chmod -R g-w,o-w ~

Author Comment

ID: 40292577
g-w  and o-w is equal to 744 or something else ?

how to not to show file directories tree on browser  if the index.php or inde.html is not existing on
those directories ? For example, when you type http://,mysite.com/php/store/ , it will show the
directory  or file tress on browser since there is no any index file.
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

LVL 31

Assisted Solution

serialband earned 800 total points
ID: 40293552
It's subtracting the w or write from group and other without changing the other permission bits.

It could be 755 or 744 or 711 or 700, depending on what you had before.

What do you mean exactly?  Do you want to disable directory listing?  Then you remove the read bit but leave the execute bit for the directory.  The files should still have the read bit.  Set the directory to 711 but leave the files with 744.  If you have scripts, you may need to set those files to 755.  That's why you use the g-w, o-w options to only remove the write bit.
LVL 62

Assisted Solution

gheist earned 500 total points
ID: 40293949
You can chroot their sftp account. Or FTP account... as you prefer. No need to change permissions.

Author Closing Comment

ID: 40295112
Thanks for your reply

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Often times it's very very easy to extend a volume on a Linux instance in AWS, but impossible to shrink it. I wanted to contribute to the experts-exchange community a way of providing a procedure that works on an AWS instance. It can also be used on…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses
Course of the Month13 days, 16 hours left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question