tags:

views:

33

answers:

1
Q: 

Setting chmod for folders + index.html

Hey

I am finishing up a small web-platform I have been doing in my spare time and am going to add a run once script that is executed at creation for each new webpage. The script will run code to restrict ftp access so that people cannot download the ftp includes, some of which contain sql details.

What I was wondering was if adding blank index.html pages to subfolders is a viable secondary measure to prevent people from opening folder listings where they can download said files, or if it's easily bypassed?

Any help is appreciated

+1  A: 

It sounds like you want to use the .htaccess files. Have you already tried and is this something that you cannot do that way? I am going to take a guess that you are using Apache...

MJB  2010-07-12 13:51:10
Yep. But If I set up the page on someone elses server, a domain, those files would no longer be mine to do what I want with. I was going to try running php chmod code on the folders that needed protection.
Rakoon  2010-07-12 14:02:25
I am confused. You are saying that you will have access to copy your web page source code and to chmod the files you want in the directories you want, but not to copy another file to the same directory? Won't the .htaccess file be treated EXACTLY LIKE the other files you do have access to copy and edit?
MJB  2010-07-12 14:10:27
The web platform uses a login system for accessing and changing the site. Inside some subfolders there are files that are used by the site, but should be forbidden to watch or access from a browser. By default the ftp access lets everyone access and even save the files from the subfolders to their computer given that they are able to get or guess the folder names. Therefore, when I set up a new webpage on a new domain I'll make a run once code that makes those folders forbidden. Though, with index.html in the folders the browser will not display the folder contents, but rather a blank page
Rakoon  2010-07-12 15:29:15
OK, that is helpful information, but really only reiterates your question. Maybe I should ask this question: Are you using Apache? And if you are, do you know about the htaccess files?
MJB  2010-07-12 20:38:40
Sorry for the late reply. I read up on htaccess files, haven't used them before. I am using apache for running localhost. Though in all cases where I set up a page for someone, it's whatever web hotel they are using that determines how those are handled???
Rakoon  2010-07-15 16:04:42
@Rakoon: was "web hotel" a typo for "web host"? Either way, I don't get the question in your comment. Are you saying you create a page for someone but it runs on their host, not yours? I don't understand -- sorry.
MJB  2010-07-15 16:58:01
Usually, the people I make pages for don't have their own servers to run the web-pages on, and I don't run a server from where I am, so I use domain/server providers to register and upload the pages. the localhost work I do is only for testing. I solved the problem by using a few chmod("folder", 0751); lines for the folders and file I wanted to restrict access to. The other folders have blank index.html files now, Just so that the server doesn't list files for download if you type in "www.site.com/folder" :)
Rakoon  2010-07-15 19:51:24
@Rakoon: I see. I think you could use the approach you describe, or you could use the .htaccess files. If they give you permission to create a blank index file, they also will likely give you permission to create a standard .htaccess file. Good luck.
MJB  2010-07-15 19:54:04
Yes. That's true- Read that htaccess files was not recommended (At the apache homepage) The index files are probably not a very good way of protecting content, but the folders with index-files does not contain very sensitive information anyways, so they are just there to say "nothing to see here, move along please" in case someone tries to access the folder listing.Thanks for the help, and sorry If my question was a bit obscure.
Rakoon  2010-07-16 01:13:14

related questions

How do I make git ignore mode changes (chmod)?
How to chmod of subdirectories of a provided path (BASH)
Recursive chmod in ruby on mac OS X?
How can I audit all chmod and chgrp commands?
PHP File Permissions... getting it "write"?
Need to change permissions on *nix system to 777
changing chmod for files but not directories
PHP: Setting permissions so I can write a file?
Unsure about correct permissions in running Ruby Scripts
Unable to set chmod 640?
How do i secure a web server's image upload directory ?
Creating executable files in Linux
How to recursively chmod on subdirectories?
filesystem permissions while developing on different machines
Wamp and file permssions using windows
Which files do control the visibility of your website?
PHP mkdir(), chmod() and Windows
check permissions of directories in python
What is the normal CHMod
Unable to make Applications folder writeable in Mac
Why are my file permissions on Apache being reset?
CHMOD and the security for the directories on my server
File permissions in cygwin and MVFS
chmod syntax in FTP-Client on all subdirectories
SSH into Amazon EC2 Instance