LinuxQuestions.org
Old 01-21-2013, 03:53 PM   #1
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,023

Rep: Reputation: 67
Is there a umask equivalent for file ownership?


I have a web root containing a wordpress installation. When a some_user uploads new source code and over-writes files (e.g., .htaccess or index.php) or creates new files, I need for the ownership of the files to be apache:some_user.

I understand that umask determines the permissions of newly created files. Is there some command that determines ownership of newly created files?
 
Old 01-21-2013, 05:04 PM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 650
You can use the setgid bit on the top level directory to enforce group ownership of files, but actual owner is not affected. If the method for updating files on the site was to upload via ftp then you can force the ownership, vsftpd can do this with the chown_uploads and chown_username directives, other ftp servers may have similar options.
 
Old 01-21-2013, 07:17 PM   #3
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,023

Original Poster
Rep: Reputation: 67
Quote:
Originally Posted by kbp View Post
You can use the setgid bit on the top level directory to enforce group ownership of files, but actual owner is not affected.
Could you be more specific? I'm not familiar with setgid, but it sounds like you are saying this only affects group ownership of new files and not their user ownership. Please clarify.

Quote:
Originally Posted by kbp View Post
If the method for updating files on the site was to upload via ftp then you can force the ownership, vsftpd can do this with the chown_uploads and chown_username directives, other ftp servers may have similar options.
I don't have any FTP server installed. Access to the server is accomplished via certificate-authenticated SFTP. I assume the mechanism of file transfer is SCP.
 
Old 01-21-2013, 07:32 PM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,374

Rep: Reputation: 2383
setuid (aka suid) and sgid
https://en.wikipedia.org/wiki/Setuid
http://kmaiti.blogspot.com.au/2011/0...ticky-bit.html

The ssh pkg includes 3 tools
a) ssh - encrypted terminal access
b) scp - encrypted cp
c) sftp - encrypted ftp
http://www.openssh.com/manual.html

HTH
 
1 members found this post helpful.
Old 01-22-2013, 08:55 AM   #5
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,023

Original Poster
Rep: Reputation: 67
Quote:
Originally Posted by chrism01 View Post
setuid (aka suid) and sgid
https://en.wikipedia.org/wiki/Setuid
http://kmaiti.blogspot.com.au/2011/0...ticky-bit.html

The ssh pkg includes 3 tools
a) ssh - encrypted terminal access
b) scp - encrypted cp
c) sftp - encrypted ftp
http://www.openssh.com/manual.html

HTH
Thanks for the links. From the Wikipedia, this disappointing tidbit:
Quote:
The setuid permission set on a directory is ignored on UNIX and Linux systems.
which suggests that I'm out of luck.

I might, on the other hand try and alter some configuration of ssh or scp or sftp such that I can apply a setuid setting to *one specific user* but I've got no idea where to do that -- or if it's even possible.

I see from this url that sftp supports chown (I figured as much) but I have never had any luck at all changing the owner of a file without root permissions -- even if I own the file.
 
Old 01-22-2013, 09:00 AM   #6
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,800
Blog Entries: 4

Rep: Reputation: 286
Although you can't force newly created files to have some specific owner, using setgid you can force newly created files/directories to inherit the group of the parent directory.
Code:
~$ chmod g+xs /path/to/dir
On the other hand, set the sticky bit permission on the parent directory to protect it from unauthorized modifications, as:
Code:
~$ chmod a+t /path/to/dir
It will then allow only root, the owner of the parent dir. or the owner of the file/sub-directory to modify contents.

Last edited by shivaa; 01-22-2013 at 09:08 AM.
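
An added example, not part of the original posts: a throwaway shell demo of what the setgid bit on a directory does and does not change. It assumes GNU `stat` and a scratch directory from `mktemp`; the file names `index.php` and `uploads` are constructed for illustration and no real web root is touched.

```shell
#!/bin/sh
# Constructed demo: setgid on a directory makes new entries inherit the
# directory's GROUP; the OWNER is still whoever created the file.

# Choose a group for the demo directory: a supplementary group of the
# current user if one exists (so the inheritance is visible), otherwise
# fall back to the primary group.
pick_group() {
    primary=$(id -g)
    for g in $(id -G); do
        if [ "$g" != "$primary" ]; then
            echo "$g"
            return 0
        fi
    done
    echo "$primary"
}

# Build a setgid directory (mode 2775), then create a file and a
# subdirectory inside it under umask 002 so they end up group-writable.
# Prints: <dir gid> <file gid> <file uid> <file mode> <subdir mode>
setgid_demo() {
    d=$(mktemp -d) || return 1
    chgrp "$(pick_group)" "$d" || return 1
    chmod 2775 "$d" || return 1
    (
        umask 002            # without this, umask 022 would drop group write
        : > "$d/index.php"   # new file: group comes from the directory
        mkdir "$d/uploads"   # new subdir: inherits group AND the setgid bit
    )
    echo "$(stat -c %g "$d") $(stat -c '%g %u %a' "$d/index.php") $(stat -c %a "$d/uploads")"
    rm -rf "$d"
}

# Run the demo and show the result.
setgid_demo
```

The first two fields match (group inherited from the directory), the third is the uid of the creating user (owner unchanged), and the subdirectory's mode starts with 2 because the setgid bit propagates to new directories.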
 
Old 01-22-2013, 06:23 PM   #7
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,374

Rep: Reputation: 2383
Don't forget that sshd is owned by root, so sftp can change owners for you, if that's what you really want.
Generally webpages are owned by the apache (acct name might be www or some such) user; wordpress is probably the same/similar.

Code:
 ll /usr/sbin/sshd
-rwxr-xr-x. 1 root root 530104 Nov  9 22:49 /usr/sbin/sshd
 
1 members found this post helpful.
Old 01-22-2013, 06:30 PM   #8
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,023

Original Poster
Rep: Reputation: 67
Quote:
Originally Posted by chrism01 View Post
Don't forget that sshd is owned by root, so sftp can change owners for you, if that's what you really want.
Generally webpages are owned by the apache (acct name might be www or some such) user; wordpress is probably the same/similar.

Code:
 ll /usr/sbin/sshd
-rwxr-xr-x. 1 root root 530104 Nov  9 22:49 /usr/sbin/sshd
Chris, it had not occurred to me that sshd is owned by root but that makes complete sense. The question is then "how do I alter my sshd config such that all files uploaded by user foo to directory /var/www/html are owned by apache:foo" ? I've checked 'man sshd_config' and find no mention of setuid in there. I tend to doubt such a specific configuration option is available.

In case anyone is wondering, the reason I ask is due to the way that Wordpress checks file ownership. It attempts to create a temporary file in the webroot somewhere and then checks the owner of that file. If the owner is not apache, then it resorts to prompting the user for FTP/SFTP credentials. Not the end of the world, but an unnecessary extra step IMHO.
 
Old 01-22-2013, 08:09 PM   #9
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,374

Rep: Reputation: 2383
Forget setuid, that's a completely different concept.
Here you just need to set the actual owner, which sftp supports as you've noticed.
 
  

