Prevent directory listing of shared folders

niknospam · 10-16-2006, 11:36 AM

Hi all,

I was researching a solution to a problem I am facing with my Snap Server 14000 when I came across this forum. I'm really hoping you can help me.

I need to make my shares available via HTTP. But I want to configure the Snap so that the web interface does not offer directory listings. If you know the file name you want, you should be able to download it. If you don't know it, you should not be able to browse a list of every file I have on my share, and select the one you want. Currently, if you click a share name, you get a list of directories in that share. Then, you could click on the directory name to see every file under it.

Do you know how I could prevent the directory listing? I have tried playing with permissions through the web GUI, but haven't had any success. There is also a config file, /flash/config.ini that has a "browsedir = yes" directive under the [http] section. Changing this to "no" doesn't help either.

Any suggestions/ideas?

Thanks!
NikNoSpam

Hallis · 10-16-2006, 11:43 AM

We know fairly little about the guardian OS. If it's truely close to linux base all you'd have to do is get into a command and "chmod" the certain directlry to allow different viewable permissions to different user levels. I dont know if the Guardian OS allows for this or if it can be done at all.

Shane

blue68f100 · 10-16-2006, 12:58 PM

Normal you can use the security setting to restrict users. The way I do this, is only give the user read rights to the file. DO Not give user read access to the directory or other files in the directory, corrects the problem. Have it remain under root or some other user. But you have to do it for each file, and provide a link directly to the file.
I hope this helps.

niknospam · 10-16-2006, 01:02 PM

Shane,

Thanks for your idea. I tried to do what you suggested. Indeed you can chmod the file/directory, but it seems to have no impact on the directory listing. The file (and directories) are owned by "admin". Doing a "ps" shows that Apache is also run as "admin". Since it is the same user, I can't think of a way to work the permissions so that Apache can't list the files. (what I'm implying is that I think the GUI uses the permissions of Apache to list the files, rather than the anonymous user who just browses the website).

What do you think?

niknospam · 10-16-2006, 01:15 PM

blue68f100, Shane,

Ok, both your approaches are similar, and using directory security does work. Now I need to figure out how I can do it so that my files are not owned by "admin" (I have a scripted bulk copy to my Snap every night, I will have to re-work parts of that). I appreciate your help with pointing me in the right direction!

Thanks!
NikNoSpam

Hallis · 10-16-2006, 01:20 PM

you can make a script create a list of the file names, and then go back and chmod the file with the appropriate access. "chmod ### filename" for each file in the script list.

10-16-2006, 11:36 AM	#1
niknospam Cooling Neophyte Join Date: Oct 2006 Location: Texas Posts: 3	Prevent directory listing of shared folders Hi all, I was researching a solution to a problem I am facing with my Snap Server 14000 when I came across this forum. I'm really hoping you can help me. I need to make my shares available via HTTP. But I want to configure the Snap so that the web interface does not offer directory listings. If you know the file name you want, you should be able to download it. If you don't know it, you should not be able to browse a list of every file I have on my share, and select the one you want. Currently, if you click a share name, you get a list of directories in that share. Then, you could click on the directory name to see every file under it. Do you know how I could prevent the directory listing? I have tried playing with permissions through the web GUI, but haven't had any success. There is also a config file, /flash/config.ini that has a "browsedir = yes" directive under the [http] section. Changing this to "no" doesn't help either. Any suggestions/ideas? Thanks! NikNoSpam

10-16-2006, 11:43 AM	#2
Hallis Cooling Savant Join Date: Oct 2001 Location: Dallas, Tx Posts: 469	Re: Prevent directory listing of shared folders We know fairly little about the guardian OS. If it's truely close to linux base all you'd have to do is get into a command and "chmod" the certain directlry to allow different viewable permissions to different user levels. I dont know if the Guardian OS allows for this or if it can be done at all. Shane __________________ Snap Servers: 1100 - 1x300gb Seagate Baracuda (SnapOS Version 3.4.807) 2200 - 2x80gb Maxtor (one dead) (SnapOS 4.0.860)

10-16-2006, 12:58 PM	#3
blue68f100 Thermophile Join Date: Jul 2005 Location: Plano, TX Posts: 3,135	Re: Prevent directory listing of shared folders Normal you can use the security setting to restrict users. The way I do this, is only give the user read rights to the file. DO Not give user read access to the directory or other files in the directory, corrects the problem. Have it remain under root or some other user. But you have to do it for each file, and provide a link directly to the file. I hope this helps. __________________ 1 Snap 4500 - 1.0T (4 x 250gig WD2500SB RE), Raid5, 1 Snap 4500 - 1.6T (4 x 400gig Seagates), Raid5, 1 Snap 4200 - 4.0T (4 x 2gig Seagates), Raid5, Using SATA converts from Andy Link to SnapOS FAQ's http://forums.procooling.com/vbb/showthread.php?t=13820

10-16-2006, 01:02 PM	#4
niknospam Cooling Neophyte Join Date: Oct 2006 Location: Texas Posts: 3	Re: Prevent directory listing of shared folders Shane, Thanks for your idea. I tried to do what you suggested. Indeed you can chmod the file/directory, but it seems to have no impact on the directory listing. The file (and directories) are owned by "admin". Doing a "ps" shows that Apache is also run as "admin". Since it is the same user, I can't think of a way to work the permissions so that Apache can't list the files. (what I'm implying is that I think the GUI uses the permissions of Apache to list the files, rather than the anonymous user who just browses the website). What do you think?

10-16-2006, 01:15 PM	#5
niknospam Cooling Neophyte Join Date: Oct 2006 Location: Texas Posts: 3	Re: Prevent directory listing of shared folders blue68f100, Shane, Ok, both your approaches are similar, and using directory security does work. Now I need to figure out how I can do it so that my files are not owned by "admin" (I have a scripted bulk copy to my Snap every night, I will have to re-work parts of that). I appreciate your help with pointing me in the right direction! Thanks! NikNoSpam

10-16-2006, 01:20 PM	#6
Hallis Cooling Savant Join Date: Oct 2001 Location: Dallas, Tx Posts: 469	Re: Prevent directory listing of shared folders you can make a script create a list of the file names, and then go back and chmod the file with the appropriate access. "chmod ### filename" for each file in the script list. __________________ Snap Servers: 1100 - 1x300gb Seagate Baracuda (SnapOS Version 3.4.807) 2200 - 2x80gb Maxtor (one dead) (SnapOS 4.0.860)

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)