Hi all,

I create a directory called mydir.

I would like to set up a link to that directory such that the link has r-xr-xr-x permissions whereas the directory itself has rwxrwxrwx permissions.

Does anyone know how to do this?

I know that ln only permits symbolic links to directories and that any permission changes made to the link are actually made to the directory to which the link points (which is clearly not what I want!).

Any help much appreciated.

Mike.

If the user still has access to the rwxrwxrwx (world writable - very bad idea!) directory, then what is the point in limiting access to the symlink? You could put it in a parent directory with limited permissions, but as it's just a symlink, the directory permissions and permissions on the files/subdirs will still be the same as in the ordinary directory.

If you want different users to access a directory differently, maybe you need to mount it differently (ie mount it as read-write or read-only). Check out mount's "bind" option for starters.

from the chmod manual: "the permissions of symbolic links are never used"

Thanks for your advice, much appreciated.

Need to make another post in order to post URLs! (Sorry about this).

Sorry about that, I don't know how to stop the message composer thing on this site from automatically sticking url tags around anything "www".

Thanks for your rapid replies, much appreciated.

Perhaps it might help if I explain my reasons for wanting to do this:

I have rented space on a linux web server.
It is not possible to change the webserver options.

I have a domain: www.mydomain.com
I would like to set up a subdomain: sub.mydomain.com

The URLs are resolved as follows:

www.mydomain.com points to the server-side directory ./main.
sub.mydomain.com points to ./sub.

What I'd like to do is this:

./sub points to ./main/sub (by whatever mechanism).

I have some PHP code (call it myscript.php) in ./main which (among other things) writes XML and HTML documents to ./main/sub (from a normal HTTP request from a client) such that they are accessible via sub.mydomain.com (i.e. via ./sub). Thinking about the security implications, I want ./sub to have read-only permissions, whereas ./main/sub must have rwxr-xrwx permissions at least in order for myscript.php to be able to write to ./main/sub.

Any additional advice much appreciated

Thanks,

Mike.

Making /main/sub rw for the user Apache runs under (the same user that runs myscript.php, presumably), is still a security hazard, regardless if you protect ./sub or not.

Think of it this way:
if your user looks for something under ./sub, he'll get redirected to ./main/sub by your PhP script, right?
But what happens if he decides to directly access ./main/sub/something? Then he'll still have rw access!
Restricting access on ./sub will only protect myscript.php, as far as I know.

If you can't access the webserver settings nor the DNS settings, I'd say your only option would be to make ./sub a symlink (or hard link) to ./main/sub. No redirection needed in that case and hence no myscript.php nor write access.

Ok, I see what you mean! Thanks.

Just a note - I fixed it in the end with .htaccess - no need for writeable directories at all! (and now I understand what .htaccess is and what it does).

You learn something new every day

(Well, I do at least!).