LinuxQuestions.org - chmod 777 664

- Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)

- - chmod 777 664 (https://www.linuxquestions.org/questions/linux-server-73/chmod-777-664-a-646628/)

Hey i am trying to chmod my /home folder to read, and every /upload folder that excists in /home must be 775. So what i did was

chmod -R 664 /home
chmod 775 */*/upload
chmod 775 */*/Upload

But when i do the chmod for home with 664 the users cant login anymore, and when i set it to 777 my users can login? Is 664 not good, or what should i do?

thx

You need executable permissions to access a directory. So try 755 or 775, 644 will not work.
Edit: saw this on the freebsd handbook, this should clarify things:

Quote:

The executable bit for a directory has a slightly different meaning than that of files. When a directory is marked executable, it means it can be traversed into, that is, it is possible to “cd” (change directory) into it. This also means that within the directory it is possible to access files whose names are known (subject, of course, to the permissions on the files themselves).

In particular, in order to perform a directory listing, read permission must be set on the directory, whilst to delete a file that one knows the name of, it is necessary to have write and execute permissions to the directory containing the file.

find /home -type d -exec chmod 775 {} +
find /home ! -type d -exec chmod 664 {} +

would have been better because you can't access your own files if the directories don't have 'execute' permission.
Anyway, I wouldn't execute the above commands on my home directory: executable files (if any) wouldn't be executable anymore.

Yves.

find /home -type d -exec chmod 775 {} +
find: missing argument to `-exec'

find /home ! -type d -exec chmod 664 {} +

find: missing argument to `-exec'

:(

I think you end it with a \; instead if a +.
As the Yeti says, running the 2nd command is not really recommended if you have executables in /home.

Older versions of find don't know the '+' syntax. From the man page here with Mandriva 2008.0:

Code:

      -exec command ;

              Execute command; true if 0 status is returned.  All following arguments to find are  taken  to

              be  arguments  to  the command until an argument consisting of ‘;' is encountered.  The string

              ‘{}' is replaced by the current file name being processed everywhere it occurs  in  the  argu‐

              ments  to  the  command, not just in arguments where it is alone, as in some versions of find.

              Both of these constructions might need to be escaped (with a ‘\') or quoted  to  protect  them

              from  expansion by the shell.  See the EXAMPLES section for examples of the use of the ‘-exec'

              option.  The specified command is run once for each matched file.  The command is executed  in

              the starting directory.  There are unavoidable security problems surrounding use of the -exec

              option; you should use the -execdir option instead.



      -exec command {} +

              This variant of the -exec option runs the specified command on the  selected  files,  but  the

              command  line  is  built  by appending each selected file name at the end; the total number of

              invocations of the command will be much less than the number of matched  files.  The  command

              line  is built in much the same way that xargs builds its command lines.  Only one instance of

              '{}' is allowed within the command.  The command is executed in the starting directory.



      -execdir command ;



      -execdir command {} +

              Like -exec, but the specified command is run from  the  subdirectory  containing  the  matched

              file,  which is not normally the directory in which you started find.  This a much more secure

              method for invoking commands, as it avoids race conditions during resolution of the  paths  to

              the  matched  files.  As with the -exec option, the '+' form of -execdir will build a command

              line to process more than one matched file, but any given invocation of command will only list

              files  that exist in the same subdirectory.  If you use this option, you must ensure that your

              $PATH environment variable does not reference the current directory;  otherwise,  an  attacker

              can  run any commands they like by leaving an appropriately-named file in a directory in which

              you will run -execdir.

And arungoodboy is right: the ';' must be "escaped" (\;) else the shell will take it for itself.

Yves.

so i did
find /home -type d -exec chmod 775 {} \;
find /home ! -type d -exec chmod 664 {} \;

k but now still all folders are still fully righted, i can still can upload to /home folders and /upload folders? So somethings is still off.
Cause i just want that all folders are readeble but you cannot change anything or delete anything or upload anything to that folder. And to all /upload folders they can do what the heck they want with .

maybe this info helps, my user home folders work as ftp server. The users itself can not upload any data to their home folder unless its in the upload folder.
for example:
/home/jack/upload