[NBLUG/talk] Permissions question

Mark Street jet at sonic.net
Fri Oct 17 14:34:00 PDT 2003


UNIX mantra states that the user/group ownership/permissions on a
directory dictate the access and permissions to the subdirectories and
files under it.

There is no way poor brianpics can chdir into his home dir when he logs
in because the permissions on /home/httpd dir restrict him from changing
to his home dir.  You have 3 or more choices...

1.  Move his home dir to a more compliant place in the filesystem.
2.  Add him to the adm group.
3.  Change ownership && || perms on the /home/httpd dir.

May I suggest you take a look at the Linux Filesystem Hierarchy Standard
and the Linux Security HOWTO - Files and Filesystem Security.

On Fri, 17 Oct 2003, Todd Cary wrote:
> /etc/passwd: brianpics:x:515:100:brianpics:/home/httpd/brianpics:/bin/bash
>
> id brianpics: uid=515(brianpics) gid=100(users)
> groups=100(users),515(brianpics)
>
> /home/httpd permissions: owner - apache; group - adm; permissions -
> drwxrwxr--
>
> At this time I have
>
> chroot local_users=YES
>
> to restrict all users, but I will implement the list in the future.
>
> Running RH 9, is user "adm" a default?  I do not remember setting that up.
>
> <<< adm:x:3:4:adm:/var/adm:/sbin/nologin >>>
>
> Many thanks.........
>
> Todd
>
>
> Mark Street wrote:
>
> >Let's see brianpics entry in /etc/passwd,
> >
> >and the output from the command
> >
> >id brianpics
> >
> >What are the full permissions on /home/httpd directory?
> >For brianpics directory the perms can be more restrictive 750 or even 700.
> >
> >From /etc/vsftpd/vsftpd.conf, uncomment as I have done here.  Of course my
> >config may be different than yours..
> >
> ># You may specify an explicit list of local users to chroot() to their home
> ># directory. If chroot_local_user is YES, then this list becomes a list of
> ># users to NOT chroot().
> >chroot_list_enable=YES
> ># (default follows)
> >chroot_list_file=/etc/vsftpd.chroot_list
> >#
> >
> >Create the file vsftpd.chroot_list file and put the users login name in it.
> >
> >then run as root
> >
> >service vsftpd restart
> >
> >login as your user.... ftp chroot jail...
> >
> >On Friday 17 October 2003 07:45, Todd Cary wrote:
> >
> >
> >>Mark -
> >>
> >><<<
> >>ServerRoot /etc/httpd or DocumentRoot /home/httpd/html
> >>
> >>
> >>ServerRoot /etc/httpd
> >>
> >><<<
> >>
> >>DocumentRoot /home/httpd/html
> >>
> >><<<
> >>the Apache 1.3* or Apache 2 ??
> >>
> >>What ftp server are you using?
> >>
> >>
> >>Apache 2.
> >>VsFtp
> >>
> >><<<
> >>Why do you set the group to adm on the brianpics dir, set it to the
> >>owner and
> >>
> >>If I set the group to the owner, brianpics, I cannot login.  Why?
> >>
> >>Here is the confusing part for me:
> >>
> >>The users home directory is /home/httpd/brianpics and the privileges are
> >>drwxrwxr-- and the directory is owned by brianpics.  The ftp error is
> >>"500 OOPS: chdir" on attempting login.
> >>
> >>chdir from where to where?
> >>
> >>Sorry if this has an obvious answer that I am just missing, but......
> >>
> >>
> >
> >
> >
>
> --
>
> _______________________________________________
> talk mailing list
> talk at nblug.org
> http://nblug.org/mailman/listinfo/talk
>
>
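
Added example (not part of the original thread): a Python sketch of the search-permission check applied to each directory on the way to a home directory, run against constructed ownership data modeled on the values Todd posted. The apache uid (48), the root-owned 0755 parents and the group on the brianpics directory are assumptions; root's override, ACLs and SELinux are ignored.

```python
import os
import stat
from types import SimpleNamespace

def applicable_bits(st, uid, gids):
    """Pick the single rwx triplet that applies: owner, else group, else other."""
    if st.st_uid == uid:
        return "owner", (st.st_mode >> 6) & 0o7
    if st.st_gid in gids:
        return "group", (st.st_mode >> 3) & 0o7
    return "other", st.st_mode & 0o7

def first_blocked(path, uid, gids, stat_fn=os.stat):
    """Return (directory, class, mode) for the first directory on `path`
    that uid/gids cannot search (x bit missing), or None if chdir works."""
    current, chain = "/", ["/"]
    for part in filter(None, path.split("/")):
        current = os.path.join(current, part)
        chain.append(current)
    for directory in chain:
        st = stat_fn(directory)
        cls, bits = applicable_bits(st, uid, gids)
        if not bits & 0o1:  # execute bit on a directory means "may traverse"
            return directory, cls, stat.filemode(st.st_mode)
    return None

# Constructed metadata: (owner uid, group gid, mode). Not read from a real system.
D = stat.S_IFDIR
FAKE = {
    "/": (0, 0, D | 0o755),
    "/home": (0, 0, D | 0o755),
    "/home/httpd": (48, 4, D | 0o774),              # apache:adm drwxrwxr--
    "/home/httpd/brianpics": (515, 100, D | 0o774), # owned by brianpics
}

def fake_stat(path):
    uid, gid, mode = FAKE[path]
    return SimpleNamespace(st_uid=uid, st_gid=gid, st_mode=mode)

if __name__ == "__main__":
    home = "/home/httpd/brianpics"
    # brianpics as posted: uid 515, groups users(100) and brianpics(515)
    print(first_blocked(home, 515, {100, 515}, fake_stat))
    # Same user after being added to adm (gid 4), Mark's option 2
    print(first_blocked(home, 515, {100, 515, 4}, fake_stat))
```

Calling first_blocked(path, uid, gids) without the stat_fn argument runs the same check against the live filesystem.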


