Index: scripts/lockdown.sh
===================================================================
diff -u -rff95c34e6cc28ec8de8f81854ea9f4369afa9c7f -r6112967fb4c3adb1d8147e26cd33e8e661202f96
--- scripts/lockdown.sh	(.../lockdown.sh)	(revision ff95c34e6cc28ec8de8f81854ea9f4369afa9c7f)
+++ scripts/lockdown.sh	(.../lockdown.sh)	(revision 6112967fb4c3adb1d8147e26cd33e8e661202f96)
@@ -226,7 +226,11 @@
   # ***** cloud
   # Give read-only access to denali by making the group owner.
   chown -R cloud.denali /var/configurations/CloudSync
-  chmod -R g-w,g+r,o-rwx /var/configurations/CloudSync
+  # Give only listing permission to the denali user (e.g Denali can only ls, not cat or open files)
+  # Set the cloud sync directories to have read-only permissions
+  find /var/configurations/CloudSync -type d -exec chmod g-w,g+r,o-rwx {} \;
+  # Set the files to not have read/write permissions
+  find /var/configurations/CloudSync -type f -exec chmod g-rwx,o-rwx {} \;
 
   # Give read-only access to denali by making the group owner.
   mkdir -p /media/sd-card/cloudsync