LinuxQuestions.org
Old 08-01-2006, 03:01 PM   #1
beammeup
LQ Newbie
 
Registered: Mar 2005
Location: Worcester, MA
Distribution: RHEL 3, 4, 5, CentOS 5.x
Posts: 15

Rep: Reputation: 0
How do I allow an ftp user access to 2 directories?




I am using RH 3 vsftp. The directories are /iq8/repository/inputfiles and /iq8/repository/outputfiles. Ownership of these directories is as follows:

drwxr-xr-x 13 root root 4096 Jun 27 19:56 iq8
within iq8:

drwxrwxrwx 9 iq8 buildeng 4096 Jun 28 12:20 repository

within repository:

drwxr-xr-x 2 iq8 buildeng 4096 Aug 1 13:30 inputfiles
drwxr-xr-x 2 iq8 buildeng 4096 Jun 26 14:27 outputfiles

I don't want to add the ftp user to the buildeng group because of other directories/files that are owned by that group.

Any help will be much appreciated.

Thanks
 
Old 08-01-2006, 05:42 PM   #2
fakie_flip
Senior Member
 
Registered: Feb 2005
Location: san antonio, texas
Distribution: Fedora 64 bit RAID0 + LUKS, CentOS (server), Backtrack, Gentoo Hardened
Posts: 1,441

Rep: Reputation: 81
What is the reason for using software from the dinosaur ages? Redhat 3 is very old and probably not supported anymore with updates. Mount the directories to empty directories in the ftp user's home directory. Here is an example.

The ftp user's name is john, and you want john to be able to see two directories called foo and bar that are in the root directory.

Code:
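# Run as root. Create empty mount points in john's home directory.
mkdir /home/john/foo
mkdir /home/john/bar

# Bind-mount the real directories onto the mount points.
mount -o bind -t ext3 /foo /home/john/foo
mount -o bind -t ext3 /bar /home/john/bar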
Also you should change the permissions of the directories for others. Here is an example.

Code:
chmod o+rwx foo   # run as root
Now anyone who is not the owner of foo or in the same group that foo has can read, write and execute foo.
 
Old 08-02-2006, 06:48 AM   #3
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Maybe not in this case but if you want to have better control over file and folder permissions you might want to look at getfacl and setfacl ... so you can add permissions for a user just for a couple of files using "setfacl" rather than adding him to the group itself....

Also get rid of RH 3 ... wait ... you don't mean Red Hat Enterprise Linux 3.0 ... do you?? .. if Yes then it's fine...
 
Old 08-02-2006, 08:48 AM   #4
beammeup
LQ Newbie
 
Registered: Mar 2005
Location: Worcester, MA
Distribution: RHEL 3, 4, 5, CentOS 5.x
Posts: 15

Original Poster
Rep: Reputation: 0
I did mean redhat enterprise 3. Most of our apps don't support Redhat Enterprise 4 yet.

Thanks for all your help. These are some very good ideas.
 
Old 08-02-2006, 10:12 AM   #5
beammeup
LQ Newbie
 
Registered: Mar 2005
Location: Worcester, MA
Distribution: RHEL 3, 4, 5, CentOS 5.x
Posts: 15

Original Poster
Rep: Reputation: 0
I have mounted the directories into the home directory of the ftp user and chrooted the user there, but I am running into one other issue.

How do I allow my ftp user to put files in this directory without adding him to the group? I tried to set the acl using setfacl but it tells me:

[root@lxdi1iq8 repository]# getfacl inputfiles/
# file: inputfiles
# owner: iq8
# group: buildeng
user::rwx
group::r-x
other::r-x

[root@lxdi1iq8 repository]# setfacl -m user:ftpiq8:rw inputfiles
setfacl: inputfiles: Operation not supported

I do not want to allow any other users the ability to write into this directory and I cannot have the ftp user a member of the group buildeng because buildeng also owns a lot of other directories where the ftp user doesn't need to have access.

Thanks
 
Old 08-02-2006, 02:54 PM   #6
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
I think setfacl has a -R option..recursive...for all the files in the directory....also use the -s option and replace the entire ACL... you'll find a lot of examples in the man pages of setfacl at the bottom and on the net if you look just in case you get stuck with the syntax which is slightly complicated...

Post back if problems...I'll reply tomorrow if I can ..its 12:30am here in India
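
An added example (not part of any post above): on ext3, `setfacl` commonly fails with `Operation not supported` when the filesystem holding the directory was not mounted with the `acl` option; that this is the cause of the error in post #5 is an assumption. The script finds the mount that holds a directory in an /etc/mtab-format table and checks its options; the sample table, device names and mount points are constructed, while `ftpiq8` and the directory path come from the thread.

```shell
#!/bin/sh
# Added example. Mount table lines use the /etc/mtab field order:
#   device mountpoint fstype options dump pass

# mount_for PATH TABLE: print "mountpoint options" for the filesystem that
# holds PATH (longest matching mount point wins).
mount_for() {
    best="" best_opts=""
    while read -r _dev mnt _type opts _rest; do
        case "$1/" in
            "${mnt%/}/"*)
                if [ "${#mnt}" -ge "${#best}" ]; then
                    best=$mnt best_opts=$opts
                fi ;;
        esac
    done < "$2"
    [ -n "$best" ] && printf '%s %s\n' "$best" "$best_opts"
}

# acl_status PATH TABLE: print "enabled" if that filesystem was mounted with
# the acl option, "missing" if not, "unknown" if no mount matches.
acl_status() {
    info=$(mount_for "$1" "$2") || { echo unknown; return 2; }
    case ",${info#* }," in
        *,acl,*) echo enabled ;;
        *)       echo missing; return 1 ;;
    esac
}

# Constructed sample table; the device names and the /iq8 and /data mount
# points are assumptions, not taken from the thread.
SAMPLE_TABLE=$(mktemp)
trap 'rm -f "$SAMPLE_TABLE"' EXIT
cat > "$SAMPLE_TABLE" <<'EOF'
/dev/sda2 / ext3 rw 0 0
/dev/sdb1 /iq8 ext3 rw 0 0
/dev/sdc1 /data ext3 rw,acl 0 0
EOF

dir=/iq8/repository/inputfiles
if [ "$(acl_status "$dir" "$SAMPLE_TABLE")" = missing ]; then
    mnt=$(mount_for "$dir" "$SAMPLE_TABLE"); mnt=${mnt%% *}
    # Commands to run as root on the real host (printed, not executed).
    # A directory entry needs w and x to create files in it, hence rwx.
    echo "mount -o remount,acl $mnt"
    echo "setfacl -m u:ftpiq8:rwx $dir"
fi
```

On a real host, pass /etc/mtab as the table and add `acl` to the filesystem's options in /etc/fstab so the setting survives a reboot. A per-user ACL entry grants write access to `ftpiq8` alone, without the world-writable `o+rwx` mode and without membership in `buildeng`.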
 
  

