Notes on Directory protections


set via the "chmod" command.
see "man chmod"


    user      group      other
 [ ][ ][ ]  [ ][ ][ ]  [ ][ ][ ]

r - read (can do ls)
w - write
x - search (can access files given their name)

2^9 possible combinations
might differentiate between group (rw) and other
if not (group and other set the same), 2^6 combinations




user bits

(note if turned off,
 user has power to turn them on anytime):

 [ ][ ][-]  	why would you not want to be able 
		 to access files?

	perhaps hide the files of a directory
	 to exclude them from an exhaustive grep/find 
	 on all your files from root dir down,
	(e.g. hide old data files from the grep),
	un-hide them afterward

 [r][-][x]	write-protect for safety
		 (like floppy diskette - annoying?)

 [-][ ][ ]  	why would you not want ls?
		long-term backup - hide them for years
		would want to use [-][ ][-]

	perhaps binaries (plus data files) you have 
	 downloaded and installed:
	you -own- them yes, but you didn't write them
	so their install prog might hide them
	 from you (analogy with C:/Windows),
	keep dir executable so files can still
	 be used by the program

 [r][w][x]	normal



group/other

if always went for rwx for user, 
2^3 combinations for group/others
skip this:

 [r][ ][-]	why read if you can't access files?
		e.g. with this on web, 
		can see file list but can't browse them

and there remains:

 [r][w][x]	normal shared /tmp directory, 
		can create/delete files 

 [r][-][x] (1)	normal shared dir

 [-][w][x]	ftp drop-box, can drop file,
	        can access my own files, but can't see others

 [-][w][-]	ftp drop-box where can't re-access file?

 [-][-][x] (3)	normal shared dir,
		can't explore without filenames, e.g. web dir

 [-][-][-] (2)	normal



e.g. web dirs:

 [r][-][x] (1)	can do ls

  See How to get a raw directory listing
  of somebody's web files.


 [-][-][x] (3)	can only browse named files 
		the names are -in the links-
		(can't do an ls to get them)

		the site author -must- advertise 
		a starting point (a web page from which 
		 all other web pages can be found by
		 following links alone)


tend to do just:

 norm (1)
 hide (2)
 semihide (3)




ABSOLUTE minimum needed for:

Web directories 
(HTTP requests come in as "other" not "group"):

 drwx-----x

CGI directories:

 drwx-----x
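
Added example, not part of the original notes: shell functions that label each directory under a web root with the categories above, norm (1), hide (2), semihide (3), judged by the "other" triplet that HTTP requests come in as. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample tree are constructed.

# classify_other DIR: print the notes' category for DIR's "other" triplet.
classify_other() {
    # ls -ld prints e.g. "drwx-----x ..."; characters 8-10 are "other".
    bits=$(ls -ld "$1" | cut -c8-10)
    case "$bits" in
        r-x) echo norm ;;          # (1) ls works
        --x) echo semihide ;;      # (3) named files only
        ---) echo hide ;;          # (2) no access
        *)   echo "other:$bits" ;; # anything else, e.g. rwx or rwt
    esac
}

# audit_tree ROOT: one "<category> <path>" line per directory under ROOT.
audit_tree() {
    find "$1" -type d | while IFS= read -r d; do
        printf '%s %s\n' "$(classify_other "$d")" "$d"
    done
}

# listable_by_other ROOT: directories where "other" has r (can do ls).
listable_by_other() {
    find "$1" -type d -perm -004
}

# make_demo_tree: build a constructed sample tree and print its path.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/public" "$t/linked" "$t/private"
    chmod 755 "$t/public"   # drwxr-xr-x
    chmod 711 "$t/linked"   # drwx--x--x
    chmod 700 "$t/private"  # drwx------
    chmod 711 "$t"
    echo "$t"
}

root=$(make_demo_tree) && audit_tree "$root" && rm -rf "$root"
```

Only the mode bits are read, so the output is the same whichever account runs it.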