LinuxQuestions.org


beammeup 08-01-2006 02:01 PM

How do I allow an ftp user access to 2 directories?
 

I am using RH 3 vsftp. The directories are /iq8/repository/inputfiles and /iq8/repository/outputfiles. Ownership of these directories is as follows:

drwxr-xr-x 13 root root 4096 Jun 27 19:56 iq8

within iq8:

drwxrwxrwx 9 iq8 buildeng 4096 Jun 28 12:20 repository

within repository:

drwxr-xr-x 2 iq8 buildeng 4096 Aug 1 13:30 inputfiles
drwxr-xr-x 2 iq8 buildeng 4096 Jun 26 14:27 outputfiles

I don't want to add the ftp user to the buildeng group because of other directories/files that are owned by that group.

Any help will be much appreciated.

Thanks

fakie_flip 08-01-2006 04:42 PM

What is the reason for using software from the dinosaur ages? Redhat 3 is very old and probably not supported anymore with updates. Mount the directories to empty directories in the ftp user's home directory. Here is an example.

The ftp user's name is john, and you want john to be able to see two directories called foo and bar that are in the root directory.

Code:

mkdir /home/john/foo
mkdir /home/john/bar

# mount -o bind -t ext3 /foo /home/john/foo
# mount -o bind -t ext3 /bar /home/john/bar

Also you should change the permissions of the directories for others. Here is an example.

Code:

# chmod o+rwx foo

Now anyone who is not the owner of foo or in the same group that foo has can read, write and execute foo.

live_dont_exist 08-02-2006 05:48 AM

Maybe not in this case but if you want to have better control over file and folder permissions you might want to look at getfacl and setfacl ... so you can add permissions for a user just for a couple of files using "setfacl" rather than adding him to the group itself....

Also get rid of RH 3 ... wait ... you don't mean Red Hat Enterprise Linux 3.0 ... do you?? .. if Yes then it's fine... :)

beammeup 08-02-2006 07:48 AM

I did mean redhat enterprise 3. Most of our apps don't support Redhat Enterprise 4 yet.

Thanks for all your help. These are some very good ideas.

beammeup 08-02-2006 09:12 AM

I have mounted the directories into the home directory of the ftp user and chrooted the user there, but I am running into one other issue.

How do I allow my ftp user to put files in this directory without adding him to the group? I tried to set the acl using setfacl but it tells me:

[root@lxdi1iq8 repository]# getfacl inputfiles/
# file: inputfiles
# owner: iq8
# group: buildeng
user::rwx
group::r-x
other::r-x

[root@lxdi1iq8 repository]# setfacl -m user:ftpiq8:rw inputfiles
setfacl: inputfiles: Operation not supported

I do not want to allow any other users the ability to write into this directory and I cannot have the ftp user a member of the group buildeng because buildeng also owns a lot of other directories where the ftp user doesn't need to have access.

Thanks

live_dont_exist 08-02-2006 01:54 PM

I think setfacl has a -R option..recursive...for all the files in the directory....also use the -s option and replace the entire ACL... you'll find a lot of examples in the man pages of setfacl at the bottom and on the net if you look just in case you get stuck with the syntax which is slightly complicated...

Post back if problems...I'll reply tomorrow if I can ..it's 12:30am here in India :)
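
Added example, not part of any post in the thread: setfacl returns "Operation not supported" when the filesystem holding the path has no ACL support enabled, which on ext3 normally means it was mounted without the acl option. The function below finds the mount that covers a path and reports whether it carries acl, following a bind mount back to its source directory. The mount table, the device names and the /home/ftpiq8 location are constructed for illustration, and the check assumes ACL support shows up as an explicit acl mount option.

```shell
#!/bin/sh
# Constructed sample in /etc/mtab format (not from the poster's machine).
SAMPLE_MTAB='/dev/sda1 / ext3 rw 0 0
/dev/sdb1 /iq8 ext3 rw 0 0
/dev/sdc1 /data ext3 rw,acl 0 0
/iq8/repository/inputfiles /home/ftpiq8/inputfiles none rw,bind 0 0'

# acl_status PATH [MTAB_TEXT]
# Prints "<mount point> acl" or "<mount point> noacl" for the filesystem
# that really stores PATH. Returns 1 if no mount covers PATH.
acl_status() {
    path=$1
    table=${2:-$SAMPLE_MTAB}
    # Longest mount point that is "/", equals PATH, or is a directory prefix
    # of PATH. On a tie the later line wins (the most recent mount is visible).
    hit=$(printf '%s\n' "$table" | awk -v p="$path" '
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) >= length(best)) { best = $2; src = $1; opts = $4 }
        }
        END { if (best != "") print src, best, opts }')
    [ -n "$hit" ] || return 1
    set -- $hit            # $1 = source, $2 = mount point, $3 = options
    case ",$3," in
        *,bind,*)
            # A bind mount only lists "bind"; ACL support is decided by the
            # filesystem under the source directory, so check that instead.
            rest=${path#"$2"}
            acl_status "$1$rest" "$table" ;;
        *,acl,*) echo "$2 acl" ;;
        *)       echo "$2 noacl" ;;
    esac
}

# The chrooted view of inputfiles resolves to /iq8, mounted without acl.
acl_status /home/ftpiq8/inputfiles
```

On a live system, pass `"$(cat /etc/mtab)"` as the second argument. A noacl result for an ext3 filesystem is addressed by remounting it with the acl option (`mount -o remount,acl <mount point>`) and adding acl to its /etc/fstab entry.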


All times are GMT -5.