LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-09-2006, 07:21 AM   #1
Squintz
LQ Newbie
 
Registered: Feb 2006
Posts: 8

Rep: Reputation: 0
Can not chmod from ftp client?


I setup vsftpd and all seems to be well. However, I can not chmod from the smartFTP client. It tells me permission denied. Is there some way that I can give my users permission to execute the chmod command?
 
Old 02-09-2006, 07:38 AM   #2
Dtsazza
Member
 
Registered: Oct 2005
Location: Oxford, UK
Distribution: Debian Etch (w/ dual-boot XP for gaming)
Posts: 282

Rep: Reputation: 30
Quote:
Originally Posted by Squintz
It tells me permission denied.
It sounds like you don't have permission to chmod the files. Generally, you have to own the files (or be root) to change their permissions, though the actual criteria are probably more complex than that. man chmod doesn't mention them, and it's very hard to Google for permissions to issue the chmod command rather than those changed by it...

Edit: From playing around I haven't found any way to let someone other than the file's owner change it's permissions - and chances are, that's what the requirement is. My first thoughts on how to get around this is to add all the users to a special group, and then create a file, owned by root:<special group>, that basically just calls chmod. Then, if you set the SUID bit for the group, anyone in the group can essentially issue chmod as root. For security, you could add something in the script that checks the owner of the file and if it's not a particular user (or set of users), refuse to change it? That way, important system files couldn't be chmodded.

To take things a little further, you could create a text file containing names of files that may be changed by this chmod command (owned by root of course, and chmodded 600 or 644), and have the script load it in dynamically and see if the file to be changed is on that list. A little cumbersome, but not too much, and you get fine-grained control then.

Double-edit: Even better way - still set the SUID bit, but have the owner as your user (presuming that it's only one user's files to be changed). That way, you don't have to faff about with conditions and access lists, and there's no potential security backdoor.

Last edited by Dtsazza; 02-09-2006 at 07:51 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] FTP: recursive chmod (separate for directories and files) mgmax Linux - Software 11 01-29-2011 08:06 AM
ProFTPd ... FTP client fails to connect: timeout after client sends 'LIST' nutnut Linux - Software 2 01-01-2006 07:09 PM
chmod rights over ftp/telnet Garp Linux - Security 9 08-04-2005 06:20 AM
ftp chmod overflow vulnerability jerhughes Linux - Security 1 08-04-2004 04:22 PM
ipchains, ftp from client to non-ftp ports atari303 Linux - Networking 2 11-08-2002 02:43 AM


All times are GMT -5. The time now is 07:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration