Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello, I'm trying to set up a read only FTP user; basically, they have the ability to browse a particular images folder and download, but not write (or delete accidentally).
I've got it set up so the FTP user logs in directly to the folder, so I'm good with that; but they still have write permissions.
We have an application built in PHP that copies image uploads to this folder; it also resizes them in the same folder. So in addition to the main FTP user (me) who needs write access to this folder, whatever the Apache/PHP user is (not sure?) also needs write access.
Is there a simple way to affect read/write permissions on a user level? I am about as newbie as they come, so I apologize if this is Linux 101.
The simple way is to just change the folder permissions. Assign the folder and files that they are FTPing into to 644, assuming the user is not the user the directory is assigned to then all they would be able to do is read so long as the user is in group or other. Under 644 the main user the directory belongs to is still able to write to it, however I would advise not using FTP to log in as a user with write or execute privellages, rather using SFTP, FTPS or SCP as these are much more secure.
The folder belongs to my primary FTP user. So you're saying if I set the permissions to 644, the primary FTP user will be able to write, and the secondary FTP user will only be able to read.
My question: do I have to do anything to the Apache/PHP user in order to make sure the scripts are able to write to the directory? And if so, how? If it's a lengthy process to describe, I would appreciate any tips on documentation to read up on, and maybe I can post some more specific questions. I guess I'm just not even sure where to start.
Point taken about migrating to SFTP; I'll speak to the client and make this more secure.
With this added, I would place this further, if you ensure you and Apache/PHP are in the same group and use 664, then ensure that the user(s) that can only view are not within the same group and use chmod directory 664 this should give you drw-rw-r-- what means those in the other category can only read. I would test this out before making it live of course.
When bringing this up with your client, I'd advise reminding your client that FTP transmits username and password information in an unencrypted/plain text form that anybody with even the most basic form of packet sniffer near to or along the route can potentially listen too your FTP transmissions and get your login information.
Last edited by r3sistance; 10-19-2009 at 02:41 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.