Old 01-13-2012, 04:57 AM   #1
FancY_Hat
LQ Newbie
 
Registered: Jan 2012
Posts: 8

Rep: Reputation: Disabled
restrict users on a fileserver


Hello!
I've been a proud Linux (mainly Fedora) user since 2006, and I finally decided to take on the new challenge of running a web accessible file server in my home. I have CentOS 6.2 running on a headless (and indeed no GUI at all! command line only!) file server, and I'm trying to create a user account with some restrictions.
I want to give the user full read/write permissions via sftp but no delete, or direct ssh capabilities. That is to say, that I want them to be able to upload and download from one file on the server, but not delete, or give direct ssh commands to it. Is this possible? If not, what compromises must I make?
Any help is great! Thanks in advance
 
Old 01-13-2012, 06:06 AM   #2
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219Reputation: 219Reputation: 219
Hello FancY_Hat,

I believe that you are planning to use users for logging in to the FTP server rather than an anonymous user.

You need to implement sticky bit permission on the FTP directory so that any user can log in, view the files, and download, but cannot delete them, as only the owner of the file can delete the file.

Code:
#chmod -R 1777 /ftp/directory
This will give sticky bit permission to all the existing directories.
So when any user logs in, he/she can create a file and will also be able to delete that particular file created by him/her.

He/she can also have access to already present directories and files, but due to lack of execute permission and presence of the sticky bit won't be able to delete anything except for the files they create.

Last edited by deep27ak; 01-13-2012 at 06:13 AM.
 
2 members found this post helpful.
Old 01-13-2012, 04:54 PM   #3
FancY_Hat
LQ Newbie
 
Registered: Jan 2012
Posts: 8

Original Poster
Rep: Reputation: Disabled
Thank you for your reply. I feel kind of dumb now; I've used chmod before, and I get that the -R makes it recursive, but what is the 1777 for? Just curious
 
Old 01-13-2012, 06:26 PM   #4
MartinStrec
Member
 
Registered: Jan 2012
Location: Czech
Distribution: Fedora, RHEL, Ubuntu, Mint
Posts: 110

Rep: Reputation: 13
Hi,

It was just a mistake.

Of course it has to be 777 instead of 1777 :-)

777 means grant all rights for owner, owner group, others.

see http://www.zzee.com/solutions/linux-permissions.shtml
 
Old 01-15-2012, 02:37 PM   #5
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 11.4
Posts: 1,319

Rep: Reputation: 252Reputation: 252Reputation: 252
I get the impression that two things here are mixed up. First about the permissions. If you have a directory tree full of stuff which is only accessible for the user right now, using chmod -R 777 will make all files executable, whether it's appropriate or not. Instead of using the numeric mode, there is the symbolic option uppercase X:
Code:
$ ls -lhd xx yy zz
drwx------  2 reuti  staff    68B 15 Jan 21:16 xx
-rwxr--r--  1 reuti  staff     0B 15 Jan 21:10 yy
-rw-r--r--  1 reuti  staff     0B 15 Jan 21:10 zz
$ chmod go+rX xx yy zz
$ ls -lhd xx yy zz
drwxr-xr-x  2 reuti  staff    68B 15 Jan 21:16 xx
-rwxr-xr-x  1 reuti  staff     0B 15 Jan 21:10 yy
-rw-r--r--  1 reuti  staff     0B 15 Jan 21:10 zz
Only files which are executable for the user will get it set for group and other.

Giving access via sftp but no ssh is answered here.
 
Old 01-15-2012, 03:33 PM   #6
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217Reputation: 217Reputation: 217
Perhaps you need a modified shell:
- LQ allowing-sftp-without-giving-a-shell -> post #6
- rssh-shell
- sftp chroot

I hope something will help you


good luck
 
Old 01-16-2012, 01:12 AM   #7
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219Reputation: 219Reputation: 219
Quote:
Originally Posted by FancY_Hat View Post
Thank you for your reply. I feel kind of dumb now; I've used chmod before, and I get that the -R makes it recursive, but what is the 1777 for? Just curious
1 is an additional permission used for the sticky bit, in which only an owner can delete the file; all others will lack the delete permission.

you can refer to this link for further knowledge

http://www.linuxquestions.org/questi...d-sgid-258719/

Quote:
Originally Posted by Reuti View Post
I get the impression that two things here are mixed up.
The answer which I gave was for a case when there is no user or group defined; in that case 777 is required. But yes, as per your post, one can create a group and give 775 or 776 permission, but in any case the sticky bit would be required to prevent the users from deleting any directory created by other users. Without the execute permission the users won't be able to log in to the FTP server.

Or we can do one thing: create an upload directory for uploading the files and remove the execute permission.
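
Added example, not part of any post in this thread: a shell sketch that applies the recursive `chmod -R 1777` from post #2 and, for comparison, the symbolic `go+rX` from post #5 combined with a single sticky upload directory as suggested in post #7, then reads back the resulting modes. The tree, the file names and the function names are constructed for illustration, and `stat -c` assumes GNU coreutils.

```sh
#!/bin/sh
# Constructed sample tree in a temp dir; every name below is illustrative.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -m 700 "$root/share" "$root/share/incoming"
    : > "$root/share/report.txt"; chmod 600 "$root/share/report.txt"
    : > "$root/share/backup.sh";  chmod 700 "$root/share/backup.sh"
    echo "$root/share"
}

# Octal mode of a path (GNU stat).
mode_of() { stat -c '%a' "$1"; }

# Post #2: numeric mode applied recursively. Every file, not only the
# directories, ends up world-writable and executable.
apply_recursive_1777() { chmod -R 1777 "$1"; }

# Posts #5 and #7 combined: read access plus execute only where the owner
# already had it, and world-write with the sticky bit on one upload
# directory only.
apply_scoped() {
    chmod -R go+rX "$1"
    chmod 1777 "$1/incoming"
}

# Print "mode name" for each entry of the sample tree.
report() {
    for p in "$1" "$1/incoming" "$1/report.txt" "$1/backup.sh"; do
        printf '%4s  %s\n' "$(mode_of "$p")" "${p##*/}"
    done
}

# Run both approaches on fresh copies of the tree and show the difference.
for fn in apply_recursive_1777 apply_scoped; do
    tree=$(make_tree)
    "$fn" "$tree"
    echo "== $fn"
    report "$tree"
    rm -rf "${tree%/share}"
done
```

With the scoped variant, other users cannot create or remove entries in `share` itself because it is not writable to them, and inside `incoming` the sticky bit limits removal of a file to its owner, the directory owner, or root.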
 
Old 01-22-2012, 02:16 PM   #8
FancY_Hat
LQ Newbie
 
Registered: Jan 2012
Posts: 8

Original Poster
Rep: Reputation: Disabled
Thank you all for your help. With the information provided, I have been able to modify the folder appropriately, and my users are able to interact with the files as needed
 
  

