Chmod dr-xrwx-- equivalent.


Katana Man
01-26-2000, 02:41 PM
Hi, what is the chmod number equivalent to dr-xrwx--?
This is used on our user directories which prevents us from browsing other people's accounts on FutureQuest.

Thanks!

Justin
01-26-2000, 04:13 PM
x = 1
w = 2
r = 4
d = (it's a directory)

Take each 3 letter section (not counting the D) and add up the values:

rwxr-xr-x == 755
rwxrwxrwx == 777
rw-r--r-- == 644

And so on. From here you should be able to figure the rest out :)

------------------
Justin Nelson
FutureQuest Support

Katana Man
01-26-2000, 04:42 PM
Aha! 570! Thanks!
I was working on a different web host, and you could back up a few directories and browse everyone else's accounts! Of course you couldn't modify anything, but you could download and view their cgi scripts and everything! This was pair.com! They are supposed to be one of the big boys! Sheesh!

I FTP'ed into my FutureQuest account and saw that everyone's directories were protected properly with chmod 570.

Terra
01-26-2000, 08:36 PM
On the top, you see the dirs as mode 0570, but the bottom end is dynamically driven by the 'Domain_Lockdown' project that took over 6 months to perfect... ;)

If you search through the forums, you will find more detailed explanations of the project...

If 'pair' just went through and 570'd everything, they would most undoubtedly break everything unless they also take the time to customize their core to switch personalities on the fly, depending upon the request...

I can't divulge more than that (proprietary), but I will say that designing and tuning for this project has been most rewarding... :)

--
Terra
--I was told early on it couldn't be done - I wasn't content with that--
FutureQuest

Katana Man
01-26-2000, 10:08 PM
I just threw a 570 on my directory. Everything seems to work ok. Will that cause any problems ?

Terra
01-26-2000, 10:41 PM
It could cause problems, but I am not sure how their Apache servers are set up...

There are many daemons that service your domain with varying rights and permissions...

Apache: may or may not be a problem - depends if they run separate Apaches for each client with the correct permissions and uid/gid combo...

Email: depends if they run external mail spools, or they are domain internal like ours... Sendmail: external // QMail: internal

FTP: Usually not a problem since you log on as your uid/gid

The above are the top 3 daemons with Apache and Email being the most problematic... Our servers are designed 'domain specific' with as much control as possible given to the site owner...

If 570 works for you on Pair, then I can definitely say that you are lucky and would run with it... :) This tells me that they are running their higher daemons as root, Apache is running as your uid/gid, and the email is handled via external mail spools...

It all depends on the underlying daemons used... Apache, QMail, and the CNC were the real headaches as my security requirements required that each daemon run non-privileged without root access...

Other lesser daemons that need access are: SSL server / Real Audio / AutoResponders / PHP / Perl / etc...

Running 0570 requires orchestrative effort to pull off effectively for all daemons to work with one another... Our core is built around flexibility and high performance without reducing capability...

I can't speak for other hosts... ;)

--
Terra
--Magical mystery tour--
FutureQuest

Katana Man
01-26-2000, 10:52 PM
Interesting stuff. Thanks so much for the info.
Just to be safe, I changed it to 770. This also seems to prevent others from browsing my folders.

Katana Man
04-07-2000, 08:31 PM
Hehe, guess what.. the 770 made my email forwarding not work, probably because it couldn't see .procmailrc with those permissions.

711 seems to work, but I don't know if 711 is strong enough to prevent browsers. Think I can use 770 or 570 on some sub directories like my cgi-bin?
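
As an added example (not part of the thread and not FutureQuest's code), the POSIX shell functions below apply the addition rule from Justin's post to a full `ls -l` mode string, then report what one octal digit allows on a directory, using the modes discussed in the thread (570, 770, 711). The names `sym2oct` and `dir_access` are hypothetical, and setuid/setgid/sticky characters are deliberately not handled.

```shell
#!/bin/sh
# sym2oct MODE: convert "dr-xrwx---" or "r-xrwx---" to octal (prints 570).
sym2oct() {
    mode=$1
    # Drop the file-type character (d, -, l, ...) when all 10 are present.
    if [ "${#mode}" -eq 10 ]; then mode=${mode#?}; fi
    if [ "${#mode}" -ne 9 ]; then
        echo "expected 9 permission characters" >&2; return 1
    fi
    out=
    while [ -n "$mode" ]; do
        rest=${mode#???}            # everything after the first triad
        triad=${mode%"$rest"}       # the first triad itself
        mode=$rest
        case $triad in
            [r-][w-][x-]) ;;        # only plain r/w/x/- is accepted here
            *) echo "bad triad: $triad" >&2; return 1 ;;
        esac
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        case $triad in ??x) digit=$((digit + 1)) ;; esac
        out=$out$digit
    done
    echo "$out"
}

# dir_access DIGIT: what one class (owner, group or other) can do on a
# directory. list = read entry names; traverse = reach entries whose names
# are already known; modify = create/delete/rename entries (needs w and x).
dir_access() {
    caps=
    if [ $(( $1 & 4 )) -ne 0 ]; then caps="$caps list"; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then caps="$caps traverse"; fi
    if [ $(( $1 & 2 )) -ne 0 ] && [ $(( $1 & 1 )) -ne 0 ]; then
        caps="$caps modify"
    fi
    echo "${caps:- none}" | sed 's/^ //'
}

# The three directory modes mentioned in the thread.
for m in dr-xrwx--- drwxrwx--- drwx--x--x; do
    o=$(sym2oct "$m")
    echo "$m = $o  other: $(dir_access "${o#??}")"
done
```

For 711 the "other" digit yields `traverse` only: a process outside the owner and group cannot list the directory, but can still open an entry whose name it already knows, subject to that entry's own permissions.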