Re: help with permissions

From: Laurenz Albe (albe_at_culturallNOSPAM.com)
Date: 09/20/04 

Date: Mon, 20 Sep 2004 14:29:34 +0000 (UTC)

help <help@help.com> wrote:
> i simply need to work out some permissions for my new ftp server. this is
> what i want but cannot yet work it out for myself!
>
> group called 'upload'
>
> read contents of pub and uploads but not download or delete
> write to uploads (create a dir and put stuff in there if they want)
>
> group called 'download'
>
> read and download from both directories delete nothing from anywhere
> create dir and put stuff in uploads

... and now you write that it would be ok for you if uploaders can
delete their own files.

There are more confusing things: like you want downloaders to be allowed
to 'put stuff in upload'.

I don't want to discourage you, but the first thing you must do is
figure out what you really want. Like draw a diagram with a directory
hierarchy, upload and download users and think what each should be
allowed to do.

If a user logs in via ftp, his/her rights are the same as if he/she logs
in via telnet. So you can start creating the directory hierarchy, login
as various users and test your setup.

Read the manuals for chmod and other permission related documentation
thoroughly. Mark that permissions on directories usually mean something
else that permissions on files. Pay special attention to two advanced
permission bits and their meaning for directories: setgid flag and sticky
bit.

Try to assign unix groups to simple tasks: 'is allowed to create a file
or directory in upload' and similar.

Add your test users to these groups as appropriate, and play around.

It is beyond the scope of a newsgroup to give you a walk-through for
an configuring your ftp server.

If you ask questions, ask specific questions, like 'I have created user x
with groups y and z, why is he able to delete file a in directory b?'
and make sure to add all relevant information.

But ask that question only after you have read the documentation and
doen a web search for your problem!

Yours,
Laurenz Albe

Relevant Pages

  • RE: nix based ftp server suggestions
    ... I am playing with vsftpd right now. ... When I mean easy to manage, I need an ftp server so that some of our users ... can upload download large files to collaborate with people not in our ... by non tech users(ie marketing needs to give Graphics Co. X access to upload ...
    (Security-Basics)
  • Re: clientless windowsbased sftp / ssh server?
    ... > maybe run a secure http webserver instead of ftp server since ie6 ... > webserver then I think I can only download from it, ... No, you can upload too. ...
    (comp.security.ssh)
  • Re: FTP server error 550: Access denied
    ... >I've got a problem with my FTP server: I cannot upload any files to my site. ... >Anyone know additional issues that should taken into consideration, when installing the FTP server to Windows 2000 server? ... I'd suggest checking the permissions again. ... Regards, ...
    (microsoft.public.inetserver.iis)
  • Jakarta common/net FTP - setRestartOffset - Upload Resume...
    ... I have tried to understand how to resume an upload or download using ... the FTPClient API from Jakarta common net libraries. ... of the offset or is it simply handled by the FTP server? ...
    (comp.lang.java.programmer)
  • Re: FTP cant upload/create directories more than 2 deep.
    ... double check the permissions on root+2 and +3 ... I'm trying to upload a website to an FTP user home directory, ... An error occurred copying a file to the FTP Server. ...
    (microsoft.public.inetserver.iis.ftp)