Dr. Mark Humphrys

School of Computing. Dublin City University.

Home      Blog      Teaching      Research      Contact

Search:

CA216      CA249      CA318

CA400      CA651      CA668


Notes on Directory protections


    user      group      other
 [ ][ ][ ]  [ ][ ][ ]  [ ][ ][ ]

r - read (can do ls)
w - write
x - search (can access files given their name)




user bits

Note if turned off, user has power to turn them on any time.

[r][-][x] write-protect for safety
annoying?
[r][w][x] normal



group/other bits

[r][w][x] shared writable directory
can create/delete files
[r][-][x] shared read-only directory
can do ls
If web dir is like this, users may be able to get a raw directory listing of the web files.
[-][-][x] shared read-only dir
can't do ls
can access file if know its name
can't explore without filenames

Example: web dir
can only browse named files
the names are in the links (can't do an ls to get them)
the site must advertise a starting point (a web page from which all other web pages can be found by following links alone)

[-][-][-] normal - hidden


Example of use in web directories

Inside mhtest15/public_html:
drwx---r-x    readabledir
drwx-----x    executabledir



.htaccess control

The behaviour of listing directory contents or not can be finely controlled with Options +Indexes (or Options -Indexes) in .htaccess files.



Absolute minimum needed for:

Web directories (HTTP requests come in as "other"):

 drwx-----x

CGI directories:

 drwx-----x



Feeds      w2mind.org

On Internet since 1987.