Thursday, February 03, 2011

How do you prevent other Linux users from listing your files in a directory?

I'd got this question from Ahmet from Turkey via Aardvark. I'd known this answer for a while and it was trivial to reply. For posterity, here's my answer:


The short and sweet answer:

1) Use the chmod tool to remove the "others read/write/execute" permission bits from the directories that you don't want others to be viewing. A command like 


   chmod 750 /path/to/directory/root 

should do the trick. You might even want to consider the -R option for recursive application of these permissions.

Note: if you don't use the recursive option, you might be able to ls or cd into a subdirectory even if the parent directory has the permissions disabled.


2) For an explanation of why this works, just have a look at this site: http://www.perlfect.com/articles/chmod.shtml - the directory permissions section should make things clear.

A short synopsis is:
Read permission on a directory - Allows ls to list the files in the directory
Write permission on a directory - Allows files to be deleted
Execute permission on a directory - Allows a user to cd into the directory

Technically:
Read - Read the directory inode and hence list the files and related info
Write - Modify the directory inode
Execute - Allow a chdir(...) system call to succeed on the particular inode

Removing these permissions is akin to saying that you don't want anybody else messing around with this inode (that you own).
If you want to know more about inodes, check out Inodes on Wikipedia.
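
For step 1 and its note about the -R option, here is an added example (not part of the original answer) that lists which entries under a directory still carry any "others" permission bit, before and after a non-recursive chmod 750 and after a recursive removal. The function names others_exposed, lock_down and demo are made up for this example, and the tree is a constructed sample under a temporary directory.

```shell
#!/bin/sh
# Added example; every path below is constructed under a temp directory.

# Print each file or directory under $1 that still has any "others" bit set.
# Uses three POSIX -perm tests (r=004, w=002, x=001) rather than GNU's /007.
others_exposed() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Remove only the "others" bits, recursively. Unlike "chmod -R 750", this
# leaves owner/group bits alone and does not make regular files executable.
lock_down() {
    chmod -R o-rwx "$1"
}

# Build a sample tree and count exposed entries at each stage.
# Echoes: <before> <after chmod 750 on the top only> <after lock_down> <file mode>
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/private/sub"
    echo "constructed sample" > "$root/private/sub/notes.txt"
    chmod 755 "$root/private" "$root/private/sub"
    chmod 644 "$root/private/sub/notes.txt"

    before=$(others_exposed "$root/private" | wc -l | tr -d ' ')

    # Non-recursive: only the top directory's mode changes.
    chmod 750 "$root/private"
    partial=$(others_exposed "$root/private" | wc -l | tr -d ' ')

    # Recursive: the subdirectory and the file lose their "others" bits too.
    lock_down "$root/private"
    after=$(others_exposed "$root/private" | wc -l | tr -d ' ')

    # First ten characters of ls -l are the type and permission string.
    file_mode=$(ls -l "$root/private/sub/notes.txt" | cut -c1-10)

    rm -rf "$root"
    echo "$before $partial $after $file_mode"
}

demo
```

Running others_exposed on a real directory before and after the chmod shows exactly which entries the change missed.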