[NBLUG/talk] FTP, directories, ownership, permissions

E Frank Ball frankb at efball.com
Fri Aug 29 16:54:01 PDT 2003


On Fri, Aug 29, 2003 at 05:35:28AM -0700, Todd Cary wrote:
} 
} /home is owned by root and is part of the root group.  Permissions are 
} "rwxr-xr-x" (I am going to have to learn octal :-) ).

No need to learn octal.  See man chmod.  You can change permissions with
just letters, I find it easier than figuring out the numbers (which are
base 10).  There are u(ser), g(roup), o(ther), and a(ll).

Examples:

chmod g+w directory
adds write permission for group

chmod o-x directory
removes execute permissions for other, which also means they can't cd to
a directory.

chmod a+rx directory
change permissions for all (user, group, and other) to add read and
execute permissions.


} All user directories are owned by the user and are part of group "adm".  
} The permissions are "rwxrwxr-x".
} 
} "httpd" is one of the users and this is the base or root directory for 
} http.  All directories under "httpd" are owned by "todd" and are part of 
} the "adm" group.  The permissions are "rwxrwxr-x".
} 
} FTP question:
} 
} I have a user "darren".  He can FTP into his directory and any 
} directories under his directory - as expected.  There is an application 
} under "httpd" called "newsearch" (as stated above, owned by "todd" and 
} is part of the "adm" group).  I would like to give "darren" the ability 
} to FTP into that directory.
} 
} Have I created a monster, or can it be fixed?
} 
} [Note: I use Samba and the owner of files created on the Linux box when 
} "todd" is logged onto the Win 2000 is "todd" and are members of the 
} "adm" group].

What version of ftp are you running?  It may or may not chroot darren to
his home directory. 

vsftp has a config file /etc/vsftp/vsftp.conf
In it is something like this:
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list

By default vsftp doesn't seem to chroot users.  wu-ftpd is also common,
and I don't think it does either.

Does darren need write permissions under /home/httpd/ ?
If so you can add him to the group adm by adding his login to the list
in /etc/group like this:
adm:x:4:root,adm,daemon,darren

BUT, that probably gives him way more permissions than you want too.  A
better idea would be to create a new group for you and darren and change
the httpd directory group to that.

In /etc/group add a line:
wwwgrp:x:77:darren,todd
The number 77 is completely arbitrary, just pick an unused number.

cd /home
chgrp -R wwwgrp httpd

This will recursively change all the files under httpd to have the group
wwwgrp

chmod -R g+w httpd

This will recursively change all the file and directory permissions
under httpd so that they can be written by anyone in the wwwgrp.
Of course you can be more selective about which files you change group
and permissions on.

You must login again for new groups to be added to your login.

Then there is the "sticky bit":

drwxrwsr-x   3 frankb     mteadm        1024 Aug 22 15:52 images

That s in the group field means that any files created in the directory
images will have the group set to mteadm.  Create with 
chmod g+s directory


-- 

   E Frank Ball   frankb at efball.com
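
The group-sharing procedure from the message above as a script, followed by checks an administrator can run afterwards. This is an added example, not part of the original message; the function names, the temporary tree and the use of the caller's primary group in place of wwwgrp are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: the tree is a constructed one in a temp dir and
# the shared group is the caller's primary group (stand-in for wwwgrp, so the
# script runs without root).

# share_tree DIR GROUP: give GROUP write access to everything under DIR and
# set the setgid bit on directories only, so new files inherit GROUP.
share_tree() {
    chgrp -R "$2" "$1" || return 1
    chmod -R g+w "$1" || return 1
    find "$1" -type d -exec chmod g+s {} + || return 1
}

# Audit helpers: each prints a count of entries under DIR.
count() { wc -l | tr -d ' '; }
dirs_missing_setgid() { find "$1" -type d ! -perm -2000 | count; }
files_with_setgid()   { find "$1" -type f -perm -2000 | count; }
wrong_group()         { find "$1" ! -group "$2" | count; }
not_group_writable()  { find "$1" ! -type l ! -perm -020 | count; }
world_writable()      { find "$1" ! -type l -perm -002 | count; }

# build_demo: create the sample tree, share it, then create one new file
# under umask 022 the way an FTP or Samba session might. Prints the tree path.
build_demo() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/httpd/newsearch/images" || return 1
    echo '<html></html>' > "$top/httpd/newsearch/index.html"
    chmod -R go-w "$top/httpd"
    share_tree "$top/httpd" "$(id -g)" || return 1
    ( umask 022; : > "$top/httpd/newsearch/images/new.png" )
    echo "$top/httpd"
}

tree=$(build_demo) || exit 1
echo "directories missing setgid: $(dirs_missing_setgid "$tree")"
echo "regular files with setgid:  $(files_with_setgid "$tree")"
echo "entries in the wrong group: $(wrong_group "$tree" "$(id -g)")"
echo "not group-writable:         $(not_group_writable "$tree")"
echo "world-writable:             $(world_writable "$tree")"
rm -rf "${tree%/httpd}"
```

The one entry reported as not group-writable is the file created after the change: the setgid directory decides its group, but the creating process's umask still decides its mode.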