Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Location: United States of America and damn proud of it!
Distribution: Windows 10 prior Red Hat User
Posts: 473
Rep:
File/Folder Permissions with FTP
Hello,
I have an FTP server using VSFTPD. First, it's a major PITA to get working right because the config file is so picky about everything. . . .
However, I have a question about folder and file permissions. I want to allow a user to upload files and copy files down but not REMOVE files from the server via the cut gui tool. What I have is a folder named x and I set permissions for read and write to the ftp user. However, on the files within the folder, I set the permissions as read only. However, this doesn't seem to work because when I FTP from a different box, I can cut files right out of the server. This I do not wish to happen.
Does anyone have any ideas as to how I can get this to work the way I want it to? Thank you.
I want to allow a user to upload files and copy files down but not REMOVE files from the server (...) What I have is a folder named x and I set permissions for read and write to the ftp user. However, on the files within the folder, I set the permissions as read only.
Removing a file changes the listing of its parent dir (it's a filesystem thing). If you would change files to have mode 0700, the parent dir 0500, then remove the file you'd see it would fail. With respect to your email, it would be best if download and upload are separate dirs. Especially if you allow anonymous uploads, the upload dir should not have read permissions and uploaded files should be chmodded to an "inactive" user. This way uploads are not accessable and the risk this feature can be abused will be smaller.
Location: United States of America and damn proud of it!
Distribution: Windows 10 prior Red Hat User
Posts: 473
Original Poster
Rep:
Hi Kat,
Well, I screwed up my entire drive by trying to modify permissions. Someone was able to access the root directory and when I tried to figure out what happened, I locked myself completely out of the machine. I could not boot to the GUI which kind of made the system useless. However, I will when I have the time to reinstall Linux your suggestions.
Location: United States of America and damn proud of it!
Distribution: Windows 10 prior Red Hat User
Posts: 473
Original Poster
Rep:
Thanks, as I said, when I have some time, I'll try those programs but right now, I'm packing to be moving so there's not much time that will be spent on the computer right now.
To u configure on vsftpd the chroot... u have 2 ways...
first go in vsftpd.conf and uncoment the line "chroot_list_enable=YES"
the ways:
1 - Chroot_list: u have to uncomment the line "chroot_list_file=/etc/vsftpd.chroot_list" and after it create the archive vsftpd.chroot_list on /etc , put the user names u want to limit on him folder.
2 - U can write a line enabling all local users to their folders. add a line "chroot_local_user=YES"
It is interesting I found this thread as it's similar to the same issue I have. I am using Pure-FTPD and a FTP server and have setup an upload directory if limited permissions (world has write only). The rest of the directories are all RWX (user and group). My problem is that if someone is wanting to load a program that has sud-directories they are given an error message that they can not recreate the directory.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.