How to set the Download folder permissions?

[xenial]

As per my screenshot.Is this the recommended settings for downloads folder.?

capture7162.png (25.25 KiB) Viewed 410 times

[bigpup]

What are you trying to do?

We always need to know what specific version of Puppy you are talking about.
Yes there is a difference in versions and how they do things.

[xenial]

What are you trying to do?

We always need to know what specific version of Puppy you are talking about.
Yes there is a difference in versions and how they do things.

@bigpup
I use xenialpup 32bit.
Not trying to do anything in particular,just seeking advice on how the downloads permissions should be set.

[rockedge]

Screenshot.png (21.39 KiB) Viewed 384 times

[bigpup]

If you are worried about stuff you download just executing.
I assume you are downloading using a browser.
If you run the browser as spot.
It will be restricted to only downloading into the restricted directory spot.
You are the only one that is able to exec something that is in the spot directory.

Read about spot by clicking on this file:
/usr/share/doc/root.htm

[user1111]

You are the only one that is able to exec something that is in the spot directory

With some clever crafting such a using java, a downloaded file into spots download folder could for instance link to /etc/passwd. That might function similar to something like

<a href=file:///etc/passwd>pw</a>

that the javascript might then open within a perhaps invisible frame and post to a remote site ... to reveal all of the userids within the system, or whatever (yes, perhaps too trivial/simple a example). Which is a bit like someone else having exec something.

If spot shares the same X server as root windows, then there's also the risk that it may be possible for spot to stuff command sequences or log keys ..etc. to end up with root level access/control.

It's much less a case of what you download (assuming you don't run downloaded stuff other than from trusted sources), its more a case of what permissions you permit for others to do things like running scripts, which javascript is just one. And more often the target will not be your data, other than perhaps looking to encrypt it for ransom, but just a few select files such as userids, keys (.ssh folder content), ssid/password ..etc. ... that potentially opens up easy/direct access into other systems/networks.

Browser updates often fix one security issue only to introduce perhaps multiple more. Security bugs are just regular bugs but that have some element of compromising a systems security. And browsers are quite large/complex, so at great risk of including bugs.

Basically the permissions allocated to your Downloads folder is much less of a issue than is visiting web sites that in turn might 'say' you can't really view this sites content without enabling us to run scripts on your system, and where a nasty site might exploit being given such permissions. That said there's little need to breach systems nowadays as millions are very lapse with their online security to the extent that there so many throwing data at those that do use/exploit that data that there's no need for them to go-fishing. It's like going out in a rowing boat and soon being swapped with all the fish jumping into the boat.