On Fri, 14 Jul 2017 07:53, Götz Reinicke - IT Koordinator wrote:
On 13.07.17 at 17:10, Tris Hoar wrote:
On 13/07/2017 14:38, Götz Reinicke - IT Koordinator wrote:
On 13.07.17 at 14:46, Pete Biggs wrote:
I have a vsftp server and two users for up and download.

If user Alice uploads a file, the owner is set to Alice as expected
"-rw-r--r-- alice ftpuploadgroup"

Now Bob can login to the same folder and is able to rename the uploaded file.

Bob can also rename an uploaded folder, but can't rename a file in that folder ....

I'm confused, as I don't get why this is possible at all.

What are the permissions and ownership on the directory the uploads go
in? If its group is 'ftpuploadgroup' and has group write permissions
then any member of that group can rename files in that directory. If a
user creates a directory, then that will have rwxr-xr-x permissions so
they won't be able to rename files within that directory.

The permissions for the upload folder are drwx-wx--- and the owner is
Bob, group is ftpuploadgroup

Alice is a member of that group, but should only drop files in.

The files are owned by Alice, and I'm a bit irritated that Bob can rename
them ... as Bob only has read permission (from the group)

The files in a subfolder have the same permissions and Bob can't change
them...

     Thanks for your feedback . /G


He does not have read only permission from the group. He is the folder
owner and so can change things within that folder. You need to change
the folder to something other than Bob.
The sub dir does not have the same permissions. Alice is the owner.

What is the end goal you want? E.g. Bob and Alice can upload, Bob
can read files both he and Alice upload but Alice can only read her
files. Perhaps we can suggest permissions that would do what you want?

Thanks Tris, thanks Peter,

the goal is, that the FTP server is a Dropbox for Alice, so she can
upload files and folders and is not able to see the uploaded files
(drwx-wx--- for the main folder).

Bob should be able to rename the files and folders by ftp. (and of
course be able to download them.)

If this is not possible with the standard permissions, I'm fine, in the
past users did not try to upload folders and others did not rename
... Then we look for another workflow.

But hey, maybe you have an idea on a good permission set.

   Regards . Götz

At least one possibility with "standard unix permissions":
The Dropbox-Folder and any subfolders are owned by user Bob and
the ftpuploadgroup group with rights (drwx-wx---) or even added
setgid bit (drwx-ws---).
That way user Alice can upload files into these folders, but can't
see into the folders, while Bob as the owner of the folder has the
needed rights to manage the contents.
But if the files / sub-folders have no group write bit the things get
iffy in a very subtle and ugly way.

So your dropbox folder should look like this:
[code]
ls -la dropbox-folder
drwx-ws--- bob   ftpuploadgroup  60 14. Jul 13:13 .
dr-xr-xr-x ftp   ftp            120 14. Jul 13:12 ..
-rw-rw-r-- alice ftpuploadgroup 421 14. Jul 13:13 test-drop-file
[/code]

IMHO the first thing Bob should do is to set group write bit, claim ownership of the files, then move them elsewhere.
[code]
chmod -R g+w dropbox-folder/*
chown -R bob:ftpuploadgroup dropbox-folder/*
mv -t target-dir dropbox-folder/*
[/code]

If necessary, put the first two commands (with absolute paths)
into a shell script, mark it executable, put it in /usr/local/bin
and allow Bob to use it with sudo.

YMMV, but at least for me this arrangement works.
 - Yamaban.
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
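
Added example (not from the thread and not vsftpd code): a small shell model of the mode-bit check that decides who may rename an entry, applied to the directory listings quoted above. It assumes classic mode bits only (no ACLs, no root, no SELinux), and Bob's group list is constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluates classic Unix mode bits only (no ACLs, no root,
# no SELinux). User names, group lists and modes below are constructed
# from the listings quoted in the thread.

# perm_class USER "USER_GROUPS" DIR_OWNER DIR_GROUP -> owner|group|other
# The kernel uses the first class that matches and never falls through.
perm_class() {
    if [ "$1" = "$3" ]; then echo owner; return; fi
    for g in $2; do
        if [ "$g" = "$4" ]; then echo group; return; fi
    done
    echo other
}

# can_rename USER "USER_GROUPS" DIR_OWNER DIR_GROUP DIR_MODE FILE_OWNER
# Prints yes/no. The file's own mode is deliberately not an input:
# rename() only needs write+search (w+x) on the containing directory.
can_rename() {
    mode=$((0$5))                       # parse DIR_MODE as octal
    case $(perm_class "$1" "$2" "$3" "$4") in
        owner) bits=$(( (mode >> 6) & 7 )) ;;
        group) bits=$(( (mode >> 3) & 7 )) ;;
        *)     bits=$(( mode & 7 )) ;;
    esac
    if [ $(( bits & 3 )) -ne 3 ]; then echo no; return; fi
    # Sticky bit (01000): only the file's or the directory's owner may rename.
    if [ $(( mode & 01000 )) -ne 0 ] && [ "$1" != "$6" ] && [ "$1" != "$3" ]; then
        echo no; return
    fi
    echo yes
}

# Top-level drop folder from the thread: drwx-wx--- bob ftpuploadgroup
echo "bob, top folder:   $(can_rename bob 'bob ftpuploadgroup' bob ftpuploadgroup 730 alice)"
# Sub-folder created by Alice: drwxr-xr-x alice ftpuploadgroup
echo "bob, alice subdir: $(can_rename bob 'bob ftpuploadgroup' alice ftpuploadgroup 755 alice)"
# Layout with setgid: drwx-ws--- bob ftpuploadgroup
echo "bob, setgid dir:   $(can_rename bob 'bob ftpuploadgroup' bob ftpuploadgroup 2730 alice)"
```

The file's own `-rw-r--r--` mode never enters the decision, which is why ownership of the containing directory is what needs auditing.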
