Index: scripts/lockdown.sh
===================================================================
diff -u -r26d16005a23c70c0995584f7ae4364fa2d75add0 -r5d26baccf9eaf26dc95f281634aedba68544aa0f
--- scripts/lockdown.sh	(.../lockdown.sh)	(revision 26d16005a23c70c0995584f7ae4364fa2d75add0)
+++ scripts/lockdown.sh	(.../lockdown.sh)	(revision 5d26baccf9eaf26dc95f281634aedba68544aa0f)
@@ -222,7 +222,11 @@
   # ***** cloud
   # Give read-only access to denali by making the group owner.
   chown -R cloud.denali /var/configurations/CloudSync
-  chmod -R g-w,g+r,o-rwx /var/configurations/CloudSync
+  # Give only listing permission to the denali user (e.g Denali can only ls, not cat or open files)
+  # Set the cloud sync directories to have read-only permissions
+  find /var/configurations/CloudSync -type d -exec chmod g-w,g+r,o-rwx {} \;
+  # Set the files to not have read/write permissions
+  find /var/configurations/CloudSync -type f -exec chmod g-rwx,o-rwx {} \;
 
   # Give read-only access to denali by making the group owner.
   mkdir -p /media/sd-card/cloudsync