Using the SSH opened port, it was possible to verify the folders and the files present, under the directory /usr/share/SecretFolder They are exposed without authentication. My question it's possible to forbid interaction (list/edit/delete/copy) with them. or to hide this folder.
for who ? from where ? using what ?
-for all user admin...
-from ssh session (when I access to the gateway
ssh admin@192.168.1.1
cd /usr/share/secretFolder && ls
=> I should see nothing.
set a 700 permission on the folder owned by root:root .
it was already 700 the permission, but I'm still able to view the content from ssh!
drwx------ 1 root root 232 Sep 28 2021 secretfolder
How was the "admin" user created? Is it a real user, or just an alias for "root"?
Yes, I found that the admin is the same root, how I can separate them?
delete the admin alias, or stop it from using ssh ?
what openwrt release is this, anyway ?
Well, it depends on how you want to use this "admin" user, and what permissions will have.
1 Like