Security for directories
by trackstar2000 from LinuxQuestions.org on (#53EBF)
We are testing an application called RStudio which is accessible from the browser. RStudio provides the interface to R programming.
On testing the application, we notice the user has access to the shell from the tab called "Terminal" which defaults to the home directory.
Currently the user can go through every directory structure of the OS (Ubantu 18). What is the best practice in locking down and preventing that? Most directories are at 755.
Thanks ahead for the feedback.
$ ls -l
total 2097252
drwxr-xr-x 2 root root 4096 Feb 26 20:14 bin
drwxr-xr-x 3 root root 4096 May 11 06:12 boot
drwxr-xr-x 2 root root 4096 Feb 26 00:08 cdrom
drwxr-xr-x 18 root root 3920 May 10 06:18 dev
drwxr-xr-x 104 root root 4096 May 10 06:18 etc
drwxr-xr-x 6 root root 4096 Apr 17 07:21 home
lrwxrwxrwx 1 root root 33 May 10 06:18 initrd.img -> boot/initrd.img-4.15.0-99-generic
lrwxrwxrwx 1 root root 33 May 10 06:18 initrd.img.old -> boot/initrd.img-4.15.0-96-generic
drwxr-xr-x 22 root root 4096 Mar 2 22:56 lib
drwxr-xr-x 2 root root 4096 Mar 2 22:56 lib32
drwxr-xr-x 2 root root 4096 Aug 5 2019 lib64
drwx------ 2 root root 16384 Feb 26 00:07 lost+found
drwxr-xr-x 2 root root 4096 Aug 5 2019 media
drwxr-xr-x 2 root root 4096 Aug 5 2019 mnt
drwxr-xr-x 2 root root 4096 Aug 5 2019 opt
dr-xr-xr-x 128 root root 0 May 9 00:46 proc
drwx------ 4 root root 4096 Mar 2 22:56 root
drwxr-xr-x 30 root root 1140 May 13 21:08 run
drwxr-xr-x 2 root root 12288 Feb 26 20:14 sbin
drwxr-xr-x 4 root root 4096 Feb 26 01:01 snap
drwxr-xr-x 2 root root 4096 Aug 5 2019 srv
-rw------- 1 root root 2147483648 Feb 26 00:09 swap.img
dr-xr-xr-x 13 root root 0 May 13 21:09 sys
drwxrwxrwt 12 root root 4096 May 13 21:08 tmp
drwxr-xr-x 11 root root 4096 Mar 2 22:56 usr
drwxr-xr-x 13 root root 4096 Aug 5 2019 var
lrwxrwxrwx 1 root root 30 May 10 06:18 vmlinuz -> boot/vmlinuz-4.15.0-99-generic
lrwxrwxrwx 1 root root 30 May 10 06:18 vmlinuz.old -> boot/vmlinuz-4.15.0-96-generic
$ pwd
/
On testing the application, we notice the user has access to the shell from the tab called "Terminal" which defaults to the home directory.
Currently the user can go through every directory structure of the OS (Ubantu 18). What is the best practice in locking down and preventing that? Most directories are at 755.
Thanks ahead for the feedback.
$ ls -l
total 2097252
drwxr-xr-x 2 root root 4096 Feb 26 20:14 bin
drwxr-xr-x 3 root root 4096 May 11 06:12 boot
drwxr-xr-x 2 root root 4096 Feb 26 00:08 cdrom
drwxr-xr-x 18 root root 3920 May 10 06:18 dev
drwxr-xr-x 104 root root 4096 May 10 06:18 etc
drwxr-xr-x 6 root root 4096 Apr 17 07:21 home
lrwxrwxrwx 1 root root 33 May 10 06:18 initrd.img -> boot/initrd.img-4.15.0-99-generic
lrwxrwxrwx 1 root root 33 May 10 06:18 initrd.img.old -> boot/initrd.img-4.15.0-96-generic
drwxr-xr-x 22 root root 4096 Mar 2 22:56 lib
drwxr-xr-x 2 root root 4096 Mar 2 22:56 lib32
drwxr-xr-x 2 root root 4096 Aug 5 2019 lib64
drwx------ 2 root root 16384 Feb 26 00:07 lost+found
drwxr-xr-x 2 root root 4096 Aug 5 2019 media
drwxr-xr-x 2 root root 4096 Aug 5 2019 mnt
drwxr-xr-x 2 root root 4096 Aug 5 2019 opt
dr-xr-xr-x 128 root root 0 May 9 00:46 proc
drwx------ 4 root root 4096 Mar 2 22:56 root
drwxr-xr-x 30 root root 1140 May 13 21:08 run
drwxr-xr-x 2 root root 12288 Feb 26 20:14 sbin
drwxr-xr-x 4 root root 4096 Feb 26 01:01 snap
drwxr-xr-x 2 root root 4096 Aug 5 2019 srv
-rw------- 1 root root 2147483648 Feb 26 00:09 swap.img
dr-xr-xr-x 13 root root 0 May 13 21:09 sys
drwxrwxrwt 12 root root 4096 May 13 21:08 tmp
drwxr-xr-x 11 root root 4096 Mar 2 22:56 usr
drwxr-xr-x 13 root root 4096 Aug 5 2019 var
lrwxrwxrwx 1 root root 30 May 10 06:18 vmlinuz -> boot/vmlinuz-4.15.0-99-generic
lrwxrwxrwx 1 root root 30 May 10 06:18 vmlinuz.old -> boot/vmlinuz-4.15.0-96-generic
$ pwd
/