First, a WARNING:
If you try this, other local users on your system will not be able to read files or run programs in directories that they do not somehow own (as the owner user or as a member of the owner group). The most obvious potential problem is with the critical programs in /bin, /usr/bin, and so on. If the user can't even run his login shell, the only user that will be able to log in is root. Users will have to be added to these groups. You may even have to create groups for the directories currently owned by the root group, since it's usually a bad idea to add normal users to the root group.
There may be better, less drastic ways of doing this. A chroot jail would be one. Before you attempt this sort of large change to your system, I'd suggest at least googling for chroot jail to see if that is what you're looking for.
You may even want to ask in another LinuxQuestions forum, to see if others believe this is a Good Idea (others may have better insight than I).
Now, for the answer:
Single command to remove execute permissions from all directories which are not /var/www/html and are not within /var/www/html:
Code:
find / -path "/var/www/html" -prune -o \( -type d -exec ls -ld "{}" \; -exec chmod o-x "{}" \; \) > previous_permissions
That needs to be run as root (of course). In case anything goes wrong, the last few arguments to find instruct it to print the current permissions of the file it's going to change with ls before it actually changes them with chmod. Since all this output will be saved in the file "previous_permissions", there is a backup plan if something unanticipated goes wrong (you can restore the original permissions). Restoring those permissions by hand will be a major pain, though. Think this over before you try it.
I've tested that command on my system within a test directory, and I believe it will work... but if something does go wrong, refer back to that file.
The logic of the command is:
For each file in /
    if the file is or is within /var/www/html, continue with the next file
    otherwise:
        if the file is a directory:
            print the current permissions
            remove execute permissions from other users
and put all output in the file "previous_permissions".
Good luck, and be careful when typing that command if you decide to use it. There is a great potential for problems if you aren't careful with this.
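The post says that restoring permissions from "previous_permissions" by hand would be a major pain. The following is an added example, not part of the original post, that re-grants other-execute only on directories whose saved `ls -ld` line shows they had it. The names `restore_other_exec` and `RESTORED_COUNT` are hypothetical; it assumes the usual nine-column `ls -l` layout and path names without newlines.

```shell
#!/bin/sh
# Added example (not from the original post): undo "chmod o-x" using the
# "ls -ld" lines that the find command saved in previous_permissions.
# Assumptions: 9-column ls layout (mode links owner group size mon day
# time path) and no newlines inside path names.
#
# Usage: restore_other_exec previous_permissions [--dry-run]
# Sets RESTORED_COUNT to the number of directories (that would be) changed.
restore_other_exec() {
    backup=$1
    dry_run=${2:-}
    RESTORED_COUNT=0
    # "read" places the remainder of the line in the last variable, so
    # paths containing single spaces survive intact.
    while read -r mode _links _owner _group _size _mon _day _time path; do
        [ -n "$path" ] || continue
        # Character 10 of the mode string is the other-execute slot:
        # "x" = execute, "t" = execute plus sticky bit. "-" and "T" mean
        # the directory never had o+x, so it is left alone.
        case $mode in
            d????????[xt]*) ;;
            *) continue ;;
        esac
        # Only touch real directories that still exist; never follow a
        # symlink that has replaced the original path.
        [ -d "$path" ] && [ ! -L "$path" ] || continue
        if [ "$dry_run" = "--dry-run" ]; then
            printf 'would run: chmod o+x -- %s\n' "$path"
        else
            chmod o+x -- "$path" || continue
        fi
        RESTORED_COUNT=$((RESTORED_COUNT + 1))
    done < "$backup"
}
```

Run it with `--dry-run` first and compare the count against the number of lines in the backup file before applying it for real.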