Optimizing permissions in Unix
I am running a large website hosted on Unix Apache. I want to optimize the various permission settings for files and directories to improve the security. When I say inaccessible below I mean not being downloadable through the web or "site downloader" applications, or ideally other more advanced solutions.

What I want to achieve is:
- make any files and dirs under cg-bin totally inaccessible for anyone but my own scripts running under my domain
- limit the access to various dirs (graphics and javascript files etc. under separate dirs) at root level as far as possible while still accessible for execution by html and scripts under my domain

I have come across websites that kick me out from directories when trying to download their files through "site downloaders" or direct from the web, whilst other sites obviously are more "open". Please advise. Many thanks
Answer:
Hi,

The easiest way to achieve what you want is probably through a combination of Apache access control and rewrites. I will provide the following examples to try; test them and see if they are sufficient.

For each of the options below, there are two ways they can generally be applied:

1) <Directory> blocks.
2) .htaccess files.

The first can be incorporated within the second.

For example, say my web-root is /home/sycophant/public_html. I can create a file in there called .htaccess (this may depend on server configuration) which can contain Apache directives. These directives will affect that directory and any sub-directories, until they are overridden (by another .htaccess with different rules, for example).

The <Directory> method can be used in a .htaccess file, or within the Apache config files. It is used like so:

    <Directory /home/sycophant/public_html>
        Directive Value
        Directive Value
    </Directory>

Again, this will apply to sub-directories until it is overridden.

Make files and directories under cg-bin (cgi-bin?) inaccessible:

.htaccess: Create a .htaccess in the cgi-bin directory and add the directives below.
<Directory>: Create a <Directory> block for the cgi-bin directory and add the directives below.

Directives:

    Order Deny,Allow
    Deny From All
    Allow From None

Restrict access to resources in certain directories:

For each directory, create either a .htaccess or <Directory> configuration to execute the following directives.

Method 1 - Requires mod_access and mod_setenvif

Directives:

    Options -Indexes
    # Set allow_load only when the Referer starts with the site's own URL
    SetEnvIf Referer ^http://www\.yoursitename\.com/ allow_load
    Order Deny,Allow
    Deny From All
    Allow From env=allow_load

Method 2 - Requires mod_rewrite

Directives:

    Options -Indexes
    RewriteEngine On
    # Return 403 Forbidden unless the Referer starts with the site's own URL
    RewriteCond %{HTTP_REFERER} !^http://www\.yoursitename\.com/
    RewriteRule (.*) $1 [F]

This should disallow the direct accessing of any of the files within the directory.
Also, the addition of the option "-Indexes" means that people will not be presented with a directory index when visiting a directory without an index.html.

The limitation with the above methods of restricting access to the resources is that a very determined person can still get them - they are relying on the HTTP header 'Referer' to determine if the object is being called from within one of your own pages or not.

If you administer your own server, all of these implementations should be quite easy to implement. However, if you are on a shared server which you do not control, then you may find some of the options restricted by the server's administrator.

Also, overall there is nothing you can really do to enforce restrictions on web content. If it is in a web-accessible directory, it can generally be retrieved. The difference between a graphic or file being called by your page, and being downloaded by a downloader, is just a few HTTP headers. And those can be faked.

Check out the following Apache manual pages; all are found easily from the main Apache documentation ( http://httpd.apache.org/docs/ ):

Mod_access - Access control (Order, Deny, Allow etc)
http://httpd.apache.org/docs/mod/mod_access.html

Mod_setenvif - SetEnvIf - environment variable setting
http://httpd.apache.org/docs/mod/mod_setenvif.html

Mod_rewrite - URL Rewriting
http://httpd.apache.org/docs/mod/mod_rewrite.html

Mod_rewrite guide - Practical rewriting examples
http://httpd.apache.org/docs/misc/rewriteguide.html

Options directive - Set various per-directory options
http://httpd.apache.org/docs/mod/core.html#options

<Directory> directive - Per directory configuration
http://httpd.apache.org/docs/mod/core.html#directory

.htaccess tutorial
http://apache-server.com/tutorials/ATusing-htaccess.html

I hope this helps.

Regards,
Sycophant-ga
snoopyatwork2003-ga at Google Answers
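
Added example (not part of the original answer): a dry run of the Method 1 Referer rule over access-log lines, so an administrator can see which requests it would allow or deny before deploying it. The /graphics/ directory, the paths and the log lines are constructed for illustration.

```python
import re

# Referer pattern from Method 1 (dots escaped so they match only a literal dot).
ALLOW_REFERER = re.compile(r"^http://www\.yoursitename\.com/")

# Apache combined log format; only the request path and the Referer are captured.
LOG_LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def decide(referer):
    """Return what Method 1 would do with a request carrying this Referer."""
    if referer in ("", "-"):  # "-" is how Apache logs an absent header
        return "deny"
    return "allow" if ALLOW_REFERER.search(referer) else "deny"

def replay(lines, protected_prefix="/graphics/"):
    """Apply the rule to every logged request under the protected directory.

    protected_prefix is a hypothetical directory name chosen for this example.
    """
    results = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and m["path"].startswith(protected_prefix):
            results.append((m["path"], m["referer"], decide(m["referer"])))
    return results

# Constructed sample log lines (documentation IP ranges, invented paths).
STAMP = "[10/Oct/2003:13:55:36 +0000]"
SAMPLE_LOG = [
    # Image loaded from one of the site's own pages.
    f'192.0.2.10 - - {STAMP} "GET /graphics/logo.gif HTTP/1.0" 200 2326 "http://www.yoursitename.com/index.html" "Mozilla/4.0"',
    # No Referer: a direct request, or a visitor whose proxy strips the header.
    f'192.0.2.11 - - {STAMP} "GET /graphics/logo.gif HTTP/1.0" 200 2326 "-" "Mozilla/4.0"',
    # Linked from another site.
    f'198.51.100.7 - - {STAMP} "GET /graphics/photo.jpg HTTP/1.0" 200 9000 "http://other.example/gallery.html" "Mozilla/4.0"',
    # Same site over https: the http-only pattern does not match.
    f'192.0.2.12 - - {STAMP} "GET /graphics/photo.jpg HTTP/1.0" 200 9000 "https://www.yoursitename.com/index.html" "Mozilla/4.0"',
    # Look-alike host: rejected because the pattern requires "/" right after ".com".
    f'203.0.113.5 - - {STAMP} "GET /graphics/photo.jpg HTTP/1.0" 200 9000 "http://www.yoursitename.com.example.net/" "Mozilla/4.0"',
    # Non-browser client that supplies the header itself: the rule sees only the header.
    f'203.0.113.9 - - {STAMP} "GET /graphics/photo.jpg HTTP/1.0" 200 9000 "http://www.yoursitename.com/" "Wget/1.8"',
    # Outside the protected directory: not evaluated.
    f'192.0.2.10 - - {STAMP} "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for path, referer, verdict in replay(SAMPLE_LOG):
        print(f"{verdict:5}  {path:22}  {referer}")
```

The second and fourth rows are the ones to check against real logs first: they are ordinary visitors the rule would turn away, while the sixth row is the limitation the answer describes.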