LinuxQuestions.org
Old 08-28-2008, 03:34 PM   #1
lindylex
Member
 
Registered: Mar 2007
Posts: 192

Rep: Reputation: 17
chmod 007 question, ftp, protect a folder


I created a folder to be used on my sftp server, running Debian Etch.

I would like the folder to be read and written to by a specific login user; by the way, this is not the root user logging in. I want this folder to not be deleted by anyone other than its creator, root.

So I did this.

Code:
chmod 007 folder

Then within a GUI FTP client in Windows, Cute FTP, I was able to delete the folder. What am I doing wrong?
 
Old 08-28-2008, 03:38 PM   #2
CRC123
Member
 
Registered: Aug 2008
Distribution: opensuse, RHEL
Posts: 374
Blog Entries: 1

Rep: Reputation: 32
You've got the permissions backwards.

Try this:
Code:
chmod 700 folder

Just remember UGO (User, Group, Other) in that order.

What you did was make it read/write/executable by 'other' (which is basically everyone)
 
Old 08-28-2008, 03:48 PM   #3
lindylex
Member
 
Registered: Mar 2007
Posts: 192

Original Poster
Rep: Reputation: 17
CRC123, I want a specific other user to write to the folder and delete files within the folder. I logged in as root and created the folder. So it belongs to root. I just need to enable user XX to read and write to it but not delete the folder.

Is that clearer?
 
Old 08-28-2008, 04:20 PM   #4
CRC123
Member
 
Registered: Aug 2008
Distribution: opensuse, RHEL
Posts: 374
Blog Entries: 1

Rep: Reputation: 32
Quote:
Originally Posted by lindylex
CRC123, I want a specific other user to write to the folder and delete files within the folder. I logged in as root and created the folder. So it belongs to root. I just need to enable user XX to read and write to it but not delete the folder.

Is that clearer?

Yep, got it now.

I believe you need to set the 'sticky' bit on the directory enclosing your ftp share:

Code:
chmod 1UGO <directory>

NOTE: UGO are placeholders for whatever User, Group and Other permissions you want set.

If you add the sticky bit, it should allow users to access the files as normal with their regular permissions being enforced. However, with sticky bit set, only root and OWNER of the file may delete it.

I just tested this on RHEL 4, I don't know if the sticky bit works the same on all Linux b/c I know there's no standard for it.
 
Old 08-28-2008, 04:29 PM   #5
lindylex
Member
 
Registered: Mar 2007
Posts: 192

Original Poster
Rep: Reputation: 17
CRC123, I tried.
Code:
chmod 1007 mydirectory

I still can delete it from Cute FTP.
 
Old 08-28-2008, 04:45 PM   #6
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian Stable
Posts: 2,546
Blog Entries: 8

Rep: Reputation: 465
Any time you set the last digit to "7", then you are giving read/write/execute permissions to EVERYBODY.

If you want to deny others rwx access, then you need the last digit of the permissions to be "0".
 
Old 08-28-2008, 04:48 PM   #7
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian Stable
Posts: 2,546
Blog Entries: 8

Rep: Reputation: 465
Quote:
Originally Posted by lindylex
CRC123, I want a specific other user to write to the folder and delete files within the folder. I logged in as root and created the folder. So it belongs to root. I just need to enable user XX to read and write to it but not delete the folder.

Is that clearer?

You need to run the following commands:

chmod 700 mydirectory
chown XX mydirectory

The chmod command makes it so that only the owner (and root) can access mydirectory.

The chown command changes the owner of mydirectory to XX. Note that only root is allowed to use the chown command. A regular user can't chown anything--not even the files/directories he owns.

[edit: added:]
Oh, another thing. The user XX can delete this folder if and only if he has write access to the folder's parent folder.

Last edited by IsaacKuo; 08-28-2008 at 04:49 PM.
 
Old 08-28-2008, 04:56 PM   #8
CRC123
Member
 
Registered: Aug 2008
Distribution: opensuse, RHEL
Posts: 374
Blog Entries: 1

Rep: Reputation: 32
Ok, I see what you're trying to do.

For starters you might as well do this:
Code:
chmod 1777 mydirectory

If you're giving other (everyone) full permissions, you might as well give owner and group since anyone is able to access the directory anyways.

Next, what ftp are you using? plain ftp or Very Secure ftp (vsftp)?
And what distro are you using?

I don't know if this works on plain ftp, but I have vsftp and it works:

1. Find the vsftpd.conf file (it's either in /etc or /etc/vsftpd)
2. Open it with vi and add these lines (or modify them if they are already there and UNCOMMENTED):
Quote:
chown_uploads=YES
chown_username=<user_you_pick>
NOTE: do not use root as <user_you_pick>; not a good idea

OPTIONAL but recommended:

3. Create a new user strictly for this ftp use. As root:
Code:
useradd specialftp

4. Edit vsftpd.conf to have
Quote:
chown_username=specialftp
That should do it. See, the way it was before, you were logging into the ftp server with your normal username and then creating files that were OWNED by that username. Even with sticky bit, root and OWNER may delete files.

This way, you are forcing newly created/edited files uploaded through ftp to be OWNED by the 'specialftp' user. Therefore, only root and 'specialftp' can delete the files there and since no one uses specialftp, there won't be a problem!

lol. Sorry for the confusion, but I think this is what you need. This was good, I learned a lot with trying to help and great question!
 
Old 08-28-2008, 05:02 PM   #9
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian Stable
Posts: 2,546
Blog Entries: 8

Rep: Reputation: 465
CRC123, your first answer was closest to the mark. Lindylex is just seriously confused about the meaning of "other".

He thinks that because he's trying to give permissions to a particular "other" user, then he needs to set "7" to "other". He doesn't understand that "other" means EVERY other user, not just the particular user which he wants to give permissions to (as if the computer were psychic and knows which other user he's talking about).
 
Old 08-29-2008, 05:55 PM   #10
lindylex
Member
 
Registered: Mar 2007
Posts: 192

Original Poster
Rep: Reputation: 17
CRC123, IsaacKuo, thanks for helping.

CRC123 thanks for teaching me so much indirectly. I will explain what I learned and what I am or was attempting to do.

This is my environment, CRC123; IsaacKuo already knows this.

Debian Etch 4.0 | two users lex and root | the following packages are installed: vsftp, rsync, openssh-server | headless server, no GUI, desktop, mouse or keyboard | O.S. running in 256 megs ram drive, I got this idea from IsaacKuo

I decided to create a folder in /home/lex/upload. I envision using the “upload” folder/directory to place my uploaded files into. I was also paranoid that I would accidentally delete this folder through an ftp session. So I decided to create it with root, and then assign it a chmod 0007 so I can read, write and execute to it. But in a CuteFtp client on Windows you can delete the entire folder. If I log into Linux through ssh it behaves the way the permission is supposed to. User lex can create directories, delete, and add files to it.

This is where it gets strange. If I create this folder and place it anywhere outside the /home/lex directory everything is fine, something like this: /home/upload. The ftp client can read and write to it but cannot delete the directory.

When I change directives within /etc/vsftpd.conf it does nothing.

These are the contents of that file.


listen=YES

anonymous_enable=NO

local_enable=YES

dirmessage_enable=YES

xferlog_enable=YES

connect_from_port_20=YES

chown_uploads=YES
chown_username=uploadtoftp

#local_root=/home/

nopriv_user=lex

ftpd_banner=BOOH

#chroot_local_user=YES

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd.chroot_list

# Debian customization

secure_chroot_dir=/var/run/vsftpd

pam_service_name=vsftpd

rsa_cert_file=/etc/ssl/certs/vsftpd.pem

I might have to open another thread for this question but how do I prevent the user from escaping their root directory?
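
The behaviour reported in post #10 (upload can be deleted under /home/lex but not under /home) follows from the rule noted in post #7: removing a directory is decided by the permissions of its parent, not by the directory's own mode. The shell sketch below is an added example, not part of the original thread; it models only the classic Unix checks (no ACLs, capabilities or supplementary groups), and the uid/gid values are constructed.

```shell
#!/bin/sh
# Added example: a model of the classic Unix permission checks; it never
# touches the filesystem. Ignores ACLs, capabilities, supplementary groups.

# perm_bits MODE OWNER_UID OWNER_GID UID GID
# Prints the rwx digit (0-7) of the ONE class that applies to the caller:
# owner if the uid matches, else group, else other. Classes are not combined.
perm_bits() {
    mode=$(( 0$1 ))                      # leading 0 => parsed as octal
    if   [ "$4" -eq "$2" ]; then echo $(( (mode >> 6) & 7 ))
    elif [ "$5" -eq "$3" ]; then echo $(( (mode >> 3) & 7 ))
    else                         echo $((  mode       & 7 ))
    fi
}

# can_remove UID GID PARENT_MODE PARENT_UID PARENT_GID ENTRY_UID
# Returns 0 if UID may remove or rename an entry inside the parent directory.
# The entry's own mode is deliberately not an argument: it plays no part.
can_remove() {
    [ "$1" -eq 0 ] && return 0           # root bypasses the checks
    bits=$(perm_bits "$3" "$4" "$5" "$1" "$2")
    [ $(( bits & 3 )) -eq 3 ] || return 1    # need write (2) + search (1)
    if [ $(( (0$3 >> 9) & 1 )) -eq 1 ]; then # sticky bit on the parent
        # only the entry's owner or the parent's owner may remove it
        [ "$1" -eq "$6" ] || [ "$1" -eq "$4" ] || return 1
    fi
    return 0
}

verdict() { if can_remove "$@"; then echo allowed; else echo denied; fi; }

# Constructed ids: root = 0:0, lex = 1000:1000. upload is owned by root.
echo "/home/lex 755 lex:lex   -> $(verdict 1000 1000 755 1000 1000 0)"
echo "/home     755 root:root -> $(verdict 1000 1000 755 0 0 0)"
echo "/home/lex 1755 lex:lex  -> $(verdict 1000 1000 1755 1000 1000 0)"
echo "shared    1777 root:root-> $(verdict 1000 1000 1777 0 0 0)"
```

rmdir additionally requires the directory to be empty, and emptying it needs write access to the directory itself, which mode 007 grants to every user who is neither the owner nor in the group.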
 
  

