FlashFXP Forums - View Single Post

Yil · 10-06-2009, 12:10 AM

dw.owned: There really isn't any way to hide a directory and yet have it still be accessible. You can use private settings [chattr 0] to specify who can see/access a private directory via "1 !A =group" type settings but if the user matches they can see it. I presume you want to do something like have a /_real normal users can't see and yet make everyone access stuff through virtual directories like /music or something?

You could try creating a 000 permissions directory that would show up like d--------- so it wouldn't really be hidden. Nobody but VM flagged users could enter it normally because they are immune to +r checking. The tricky part is you couldn't make normal symbolic links into that directory because access requires +r to the entire directory path. You can however try returning links into there via virtual directories. I believe I was smart though and as a safety check resolved paths from virtual directories are fed back into the system to verify +r for the whole path. I haven't tested that though so it's worth a shot...

I don't suggest VFS mountfile tricks, because I'm working on a reverse resolver to take real paths and turn them back into VFS paths as both a useful feature for scripts and as a safety feature for NTFS symbolic and junctions that could expose parts of the filesystem that shouldn't be visible.

I'm open to suggestions like 000 dirs marked as Private and thus only accessible to VM flagged users that start with a "." (to prevent exposing dirs on existing setups when upgrading by accident) should be hidden from user listings for regular users but ignore +r checks in path resolving or something. I would guess that would be similiar to -r+x style unix dirs and would suffer from user's being able to guess at names as well. If you have a suggestion feel free to chime in!

10-06-2009, 12:10 AM
Yil Too much time... Join Date: May 2005 Posts: 1,194	dw.owned: There really isn't any way to hide a directory and yet have it still be accessible. You can use private settings [chattr 0] to specify who can see/access a private directory via "1 !A =group" type settings but if the user matches they can see it. I presume you want to do something like have a /_real normal users can't see and yet make everyone access stuff through virtual directories like /music or something? You could try creating a 000 permissions directory that would show up like d--------- so it wouldn't really be hidden. Nobody but VM flagged users could enter it normally because they are immune to +r checking. The tricky part is you couldn't make normal symbolic links into that directory because access requires +r to the entire directory path. You can however try returning links into there via virtual directories. I believe I was smart though and as a safety check resolved paths from virtual directories are fed back into the system to verify +r for the whole path. I haven't tested that though so it's worth a shot... I don't suggest VFS mountfile tricks, because I'm working on a reverse resolver to take real paths and turn them back into VFS paths as both a useful feature for scripts and as a safety feature for NTFS symbolic and junctions that could expose parts of the filesystem that shouldn't be visible. I'm open to suggestions like 000 dirs marked as Private and thus only accessible to VM flagged users that start with a "." (to prevent exposing dirs on existing setups when upgrading by accident) should be hidden from user listings for regular users but ignore +r checks in path resolving or something. I would guess that would be similiar to -r+x style unix dirs and would suffer from user's being able to guess at names as well. If you have a suggestion feel free to chime in!