I created a folder to be used on my sftp server, running Debian Etch.
I would like the folder to be read and written to by a specific login user; this is not the root user logging in, by the way. I want this folder to not be deleted by anyone other than its creator, root.
So I did this.
Code:
chmod 007 folder
Then, within a GUI FTP client on Windows (CuteFTP), I was able to delete the folder. What am I doing wrong?
CRC123, I want a specific other user to write to the folder and delete files within the folder. I logged in as root and created the folder. So it belongs to root. I just need to enable user XX to read and write to it but not delete the folder.
Is that clearer?
Yep, got it now.
I believe you need to set the 'sticky' bit on the directory enclosing your ftp share:
Code:
chmod 1UGO <directory>
NOTE: UGO are place holders for whatever User Group and Other permissions you want set.
If you add the sticky bit, it should allow users to access the files as normal with their regular permissions being enforced. However, with sticky bit set, only root and OWNER of the file may delete it.
I just tested this on RHEL 4, I don't know if the sticky bit works the same on all Linux b/c I know there's no standard for it.
You need to run the following commands:
chmod 700 mydirectory
chown XX mydirectory
The chmod command makes it so that only the owner (and root) can access mydirectory.
The chown command changes the owner of mydirectory to XX. Note that only root is allowed to use the chown command. A regular user can't chown anything--not even the files/directories he owns.
[edit: added:]
Oh, another thing. The user XX can delete this folder if and only if he has write access to the folder's parent folder.
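The rule stated in the post above (a folder can be deleted by whoever can write to its parent) together with the sticky-bit behaviour mentioned earlier in the thread, as an added example that is not part of any post. It considers classic mode bits only (no ACLs, capabilities or immutable flags); `may_delete` and `demo` are hypothetical names, and the "other" uid/gid are constructed values.

```python
import os
import stat
import tempfile

def may_delete(entry_path, uid, gids):
    """True if a process with this uid/gids may remove entry_path's name.
    The entry's own mode is never consulted: only the parent matters.
    (A non-empty directory must still be emptied first, which needs
    write+search on that directory itself.)"""
    parent = os.path.dirname(os.path.abspath(entry_path))
    p = os.stat(parent)
    e = os.lstat(entry_path)
    if uid == 0:                       # root bypasses mode bits
        return True
    # Exactly one permission triplet of the parent applies to the caller.
    if uid == p.st_uid:
        bits = (p.st_mode >> 6) & 7
    elif p.st_gid in gids:
        bits = (p.st_mode >> 3) & 7
    else:
        bits = p.st_mode & 7
    if bits & 3 != 3:                  # need write (2) and search (1) on parent
        return False
    if p.st_mode & stat.S_ISVTX:       # sticky parent: owner of entry or parent only
        return uid in (e.st_uid, p.st_uid)
    return True

def demo():
    """Build parent dirs with three modes, each holding an 'upload' dir set to
    mode 007 as in the thread; return {parent_mode: (parent_owner, other_user)}."""
    results = {}
    with tempfile.TemporaryDirectory() as top:
        for mode in (0o755, 0o777, 0o1777):
            parent = os.path.join(top, oct(mode))
            upload = os.path.join(parent, "upload")
            os.makedirs(upload)
            os.chmod(upload, 0o007)
            os.chmod(parent, mode)
            st = os.stat(parent)
            other_uid, other_gid = st.st_uid + 1, st.st_gid + 1  # constructed
            results[mode] = (may_delete(upload, st.st_uid, {st.st_gid}),
                             may_delete(upload, other_uid, {other_gid}))
            os.chmod(upload, 0o700)    # restore so cleanup can proceed
            os.chmod(parent, 0o700)
    return results

if __name__ == "__main__":
    for mode, (owner, other) in demo().items():
        print(f"parent {oct(mode)}: parent owner={owner}, other user={other}")
```

The 0o755 row matches what is reported later in the thread: a folder placed under a parent the user owns can be removed by that user, while one placed under a parent the user cannot write to is safe.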
If you're giving other (everyone) full permissions, you might as well give owner and group since anyone is able to access the directory anyways.
Next, what ftp are you using? Plain ftp or Very Secure ftp (vsftp)?
And what distro are you using?
I don't know if this works on plain ftp, but I have vsftp and it works:
1. Find the vsftpd.conf file (it's either in /etc or /etc/vsftpd)
2. Open it with vi and add these lines (or modify them if they are already there and UNCOMMENTED):
Quote:
chown_uploads=YES
chown_username=<user_you_pick>
NOTE: do not use root as <user_you_pick>; not a good idea
OPTIONAL but recommended:
3. Create a new user strictly for this ftp use. As root:
Code:
useradd specialftp
4. Edit vsftpd.conf to have
Quote:
chown_username=specialftp
That should do it. See, the way it was before, you were logging into the ftp server with your normal username and then creating files that were OWNED by that username. Even with sticky bit, root and OWNER may delete files.
This way, you are forcing newly created/edited files uploaded through ftp to be OWNED by the 'specialftp' user. Therefore, only root and 'specialftp' can delete the files there and since no one uses specialftp, there won't be a problem!
lol. Sorry for the confusion, but I think this is what you need. This was good, I learned a lot with trying to help and great question!
CRC123, your first answer was closest to the mark. Lindylex is just seriously confused about the meaning of "other".
He thinks that because he's trying to give permissions to a particular "other" user, then he needs to set "7" to "other". He doesn't understand that "other" means EVERY other user, not just the particular user which he wants to give permissions to (as if the computer were psychic and knows which other user he's talking about).
CRC123 thanks for teaching me so much indirectly. I will explain what I learned and what I am or was attempting to do.
This is my environment, CRC123; IsaacKuo already knows this.
Debian Etch 4.0 | two users, lex and root | the following packages are installed: vsftp, rsync, openssh-server | headless server, no GUI, desktop, mouse or keyboard | O.S. running in 256 megs RAM drive, I got this idea from IsaacKuo
I decided to create a folder in /home/lex/upload. I envision using the “upload” folder/directory to place my uploaded files into. I was also paranoid that I would accidentally delete this folder through an ftp session. So I decided to create it with root, and then assign it a chmod 0007 so I can read, write and execute to it. But in a CuteFtp client on Windows you can delete the entire folder. If I log into Linux through ssh it behaves the way the permission is supposed to. User lex can create directories, delete, and add files to it.
This is where it gets strange. If I create this folder and place it anywhere outside the /home/lex directory everything is fine, something like this /home/upload. The ftp client can read and write to it but cannot delete the directory.
When I change directives within /etc/vsftpd.conf it does nothing.
This is the contents of that file.
listen=YES
anonymous_enable=NO
local_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=uploadtoftp
#local_root=/home/
nopriv_user=lex
ftpd_banner=BOOH
#chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
# Debian customization
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
I might have to open another thread for this question but how do I prevent the user from escaping their root directory?