Stupid chmod/permissions question..

sspiro · 01-10-2011, 10:23 PM

I always seem to confuse the hell out of myself when doing permissions..

I need to allow a user (named "user", member of the "ftp" group) full read/write/execute access to the /var folder for ftp'ing.

What is the best chmod command to run to accomplish this task? I can't seem to get it riht..

kbp · 01-10-2011, 10:40 PM

To the entire /var directory ??? .. probably not ideal, can you restrict to say /var/ftp or something ? .. if you cant it may be better to use an acl to give the user access

sspiro · 01-10-2011, 10:45 PM

Quote:

Originally Posted by kbp

To the entire /var directory ??? .. probably not ideal, can you restrict to say /var/ftp or something ? .. if you cant it may be better to use an acl to give the user access

If not the /var directory, then the /var/www

It's for my own usage, for setting up my webserver at home, etc. After i'm done transfering files and setting up, etc i'll disable the access and the ftp account.

But for now, i can't ftp in to my box and accomplish what I want and its frustrating me.

kbp · 01-10-2011, 10:52 PM

Take a look at 'man setfacl' ... let us know if you need help

cheers

sspiro · 01-10-2011, 11:02 PM

Quote:

Originally Posted by kbp

Take a look at 'man setfacl' ... let us know if you need help

cheers

I have no exposure to acl's at all.. So yes, help would be awesome.

kbp · 01-11-2011, 06:26 AM

Basically you can use acl's to provide access to files and directories without changing the base UGO permissions

eg.

Code:

[me@xxxxxx tmp]$ mkdir -p blah/test/test2/crapola
[me@xxxxxx tmp]$ ls -ld blah/
drwxrwxr-x. 3 me me 4096 Jan 11 23:11 blah/
[me@xxxxxx tmp]$ getfacl blah
# file: blah
# owner: me
# group: me
user::rwx
group::rwx
other::r-x

[me@xxxxxx tmp]$ setfacl -Rm u:testuser:rwx blah
[me@xxxxxx tmp]$ getfacl blah
# file: blah
# owner: me
# group: me
user::rwx
user:testuser:rwx
group::rwx
mask::rwx
other::r-x

[me@xxxxxx tmp]$ getfacl blah/test
# file: blah/test
# owner: me
# group: me
user::rwx
user:testuser:rwx
group::rwx
mask::rwx
other::r-x

The '-m' argument is modify and the '-R' means recursive, to remove an acl use '-x' or '-b' to remove all extended acl's. So to provide access to /var/www for user 'user', you could run 'setfacl -Rm u:user:rwx /var/www' and an 'ls -ld /var/www' wouldn't look any different, the same UGO permissions would be present.

Hope this is clear enough, cheers

sspiro · 01-11-2011, 07:29 AM

It is; it's beautiful. Thanks for the help!!!