0

In Windows, I was able to use the ICACLS utility to set files/folders with a lower integrity, in order to keep them from modifying higher-integrity locations. I'd like to do something like that with Ubuntu. Specifically, I plan to download music torrents but, just in case, I'd like to set things so that nothing can execute from the download folder. Is there some way I could do that? Alternately, maybe I could run the torrent program and the download folder under a completely different user and section it off from the system?

BKilpat01
  • 3

1 Answers1

1

EDIT: Most would say my answer is overkill, which it is, but if you are unfamiliar with Ubuntu permissions, I'd rather you use overkill than turn you computer into a worthless brick.

Your alternative is probably a good idea, if you are worried about the content you are downloading. Open your terminal (CTRL + ALT + T), and do:

sudo adduser NEWUSERNAME

su NEWUSERNAME

mkdir -p ~/Downloads

cd ~/Downloads

sudo chown -R NEWUSERNAME:NEWUSERNAME ~/Downloads

sudo chmod -R ~/Downloads 600

What that will do is create a new user, add a Downloads folder under that new users home. We make sure the owner and group is only the new user, and that there are only READ & WRITE permissions by the new user in that folder.

Ubuntu, and all Linux systems are much safer when it comes to the traditional Windows threats, clicking links, and running programs. Windows uses exe files, which can be downloaded and launched as soon as you click a link.

You should definitely set your browser preferences to "ask every time", where to download files. That way you will see the type of file being downloaded when Ubuntu asks you where to download the file. exe files, any scripts -> (*.sh), or other odd or suspicious files... "JUST SAY NO!" ...Just hit cancel.

Also, if you have a file with no file extension, or any file, you can check it out by doing:

cat filename

...and look for any suspicious scripts within its content.

Lastly, after downloading a file, it may have different permissions from where it was downloaded, so you can run this again, just to be safe:

sudo chmod -R ~/Downloads 600

You can check the Owner, Group, and permissions for Owner, Group, and Others within a directory or for a file using:

ls -al

ls -al FILENAME

ls -al DIRECTORYNAME

This explains permissions with both letters and numbers: http://www.draac.com/chmodchart.html

I hope that helps.

SudoSURoot
  • 2,849
  • 2
  • 15
  • 16