Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

08-01-2006, 03:01 PM  #1
LQ Newbie
Registered: Mar 2005
Location: Worcester, MA
Distribution: RHEL 3, 4, 5, CentOS 5.x
Posts: 15

How do I allow an ftp user access to 2 directories?
I am using RH 3 vsftp. The directories are /iq8/repository/inputfiles and /iq8/repository/outputfiles. Ownership of these directories is as follows:
drwxr-xr-x 13 root root 4096 Jun 27 19:56 iq8
within iq8:
drwxrwxrwx 9 iq8 buildeng 4096 Jun 28 12:20 repository
within repository:
drwxr-xr-x 2 iq8 buildeng 4096 Aug 1 13:30 inputfiles
drwxr-xr-x 2 iq8 buildeng 4096 Jun 26 14:27 outputfiles
I don't want to add the ftp user to the buildeng group because of other directories/files that are owned by that group.
Any help will be much appreciated.
Thanks

08-01-2006, 05:42 PM  #2
Senior Member
Registered: Feb 2005
Location: San Antonio, Texas
Distribution: Gentoo Hardened using OpenRC not Systemd
Posts: 1,495

What is the reason for using software from the dinosaur ages? Redhat 3 is very old and probably not supported anymore with updates. Mount the directories to empty directories in the ftp user's home directory. Here is an example.
The ftp user's name is john, and you want john to be able to see two directories called foo and bar that are in the root directory.
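Code:
# Run as root: create empty mount points in john's home directory
mkdir /home/john/foo
mkdir /home/john/bar
# Bind-mount the real directories onto them
mount -o bind -t ext3 /foo /home/john/foo
mount -o bind -t ext3 /bar /home/john/bar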
Also you should change the permissions of the directories for others. Here is an example.
Now anyone who is not the owner of foo or in the same group that foo has can read, write and execute foo.

08-02-2006, 06:48 AM  #3
Member
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Maybe not in this case, but if you want to have better control over file and folder permissions you might want to look at getfacl and setfacl ... so you can add permissions for a user just for a couple of files using "setfacl" rather than adding him to the group itself....
Also get rid of RH 3 ... wait ... you don't mean Red Hat Enterprise Linux 3.0 ... do you?? .. if yes then it's fine...

08-02-2006, 08:48 AM  #4
LQ Newbie
Registered: Mar 2005
Location: Worcester, MA
Distribution: RHEL 3, 4, 5, CentOS 5.x
Posts: 15
Original Poster

I did mean redhat enterprise 3. Most of our apps don't support Redhat Enterprise 4 yet.
Thanks for all your help. These are some very good ideas.

08-02-2006, 10:12 AM  #5
LQ Newbie
Registered: Mar 2005
Location: Worcester, MA
Distribution: RHEL 3, 4, 5, CentOS 5.x
Posts: 15
Original Poster

I have mounted the directories into the home directory of the ftp user and chrooted the user there, but I am running into one other issue.
How do I allow my ftp user to put files in this directory without adding him to the group? I tried to set the ACL using setfacl but it tells me:
[root@lxdi1iq8 repository]# getfacl inputfiles/
# file: inputfiles
# owner: iq8
# group: buildeng
user::rwx
group::r-x
other::r-x
[root@lxdi1iq8 repository]# setfacl -m user:ftpiq8:rw inputfiles
setfacl: inputfiles: Operation not supported
I do not want to allow any other users the ability to write into this directory and I cannot have the ftp user a member of the group buildeng because buildeng also owns a lot of other directories where the ftp user doesn't need to have access.
Thanks

08-02-2006, 02:54 PM  #6
Member
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

I think setfacl has a -R option..recursive...for all the files in the directory....also use the -s option and replace the entire ACL... you'll find a lot of examples in the man pages of setfacl at the bottom and on the net if you look, just in case you get stuck with the syntax, which is slightly complicated...
Post back if problems...I'll reply tomorrow if I can ..it's 12:30am here in India
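
Added example (not part of any post in this thread): on ext3, setfacl fails with "Operation not supported" when the filesystem holding the directory is not mounted with the acl option, so the check below finds that filesystem and prints the root commands needed to give one user write access without touching group membership. The mount table is a constructed sample with hypothetical device names; the paths and the ftpiq8 user come from the thread, and /home/ftpiq8 is an assumed home directory.

```shell
#!/bin/sh
# Added example (not from the thread): check ACL support before running setfacl.
# Assumption: ext3 as on RHEL 3, where ACLs work only if the filesystem is
# mounted with the "acl" option; without it setfacl fails with
# "Operation not supported".

# Constructed sample in /proc/mounts format; device names are hypothetical.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/sda3 /iq8 ext3 rw 0 0
/dev/sda5 /home ext3 rw,acl 0 0'

# mount_for PATH [MOUNTS]: print "mountpoint options" for the filesystem that
# holds PATH (the longest mount point that is a path prefix of PATH).
mount_for() (
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    best="" best_opts=""
    while read -r dev mp fstype opts rest; do
        case "$path/" in
            "${mp%/}/"*)
                if [ "${#mp}" -ge "${#best}" ]; then
                    best=$mp; best_opts=$opts
                fi ;;
        esac
    done <<EOF
$mounts
EOF
    printf '%s %s\n' "$best" "$best_opts"
)

# has_acl_option OPTS: succeed if the comma-separated options include "acl".
has_acl_option() {
    case ",$1," in *,acl,*) return 0 ;; *) return 1 ;; esac
}

# acl_plan DIR USER [MOUNTS]: print the root commands that grant USER write
# access to DIR only. rwx, not rw: creating files in a directory also needs x.
acl_plan() (
    info=$(mount_for "$1" "$3")
    mp=${info%% *}
    opts=${info#* }
    # A remount does not survive a reboot; add acl to the fstab entry as well.
    has_acl_option "$opts" || echo "mount -o remount,acl $mp"
    echo "setfacl -m u:$2:rwx $1"
)

acl_plan /iq8/repository/inputfiles ftpiq8 "$SAMPLE_MOUNTS"
```

Omit the third argument to check the live /proc/mounts instead of the sample. The named-user entry leaves the group and other permissions as they are, so no other account gains write access.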

All times are GMT -5.