Re: Sorting out owner and group permissions...
Hi, I understand your point. But since a application can modify it to a arbritary value there must be some way to keep the app from doing nasty stuff. FreeBSD has MAC implementations ;-))) Regards, --- Mr. Olli On Di, 2009-04-21 at 17:02 +0200, Mel Flynn wrote: > On Tuesday 21 April 2009 15:13:47 Mister Olli wrote: > > > no does not work, since using SSH / SFTP does not involve starting a > > shell. so umask settings don't work. > > Then you're using the wrong system for the task. The OS can't make > assumptions > about "what the ownership/modes of a file should really be, if an application > is telling it they should be different". > This is why more mature FTP daemons allow modes/ownerships to be set on > upload. > > The OS already: > - gives a new file group of the containing directory so it is easy to create > "shared files" in a "shared directory" > - has a default umask that is world readable > - allows changing a users umask > > The application (sftp) overrides all this and now you're expecting the OS to > override that again. Don't think so ;) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Sorting out owner and group permissions...
On Tuesday 21 April 2009 15:13:47 Mister Olli wrote: > no does not work, since using SSH / SFTP does not involve starting a > shell. so umask settings don't work. Then you're using the wrong system for the task. The OS can't make assumptions about "what the ownership/modes of a file should really be, if an application is telling it they should be different". This is why more mature FTP daemons allow modes/ownerships to be set on upload. The OS already: - gives a new file group of the containing directory so it is easy to create "shared files" in a "shared directory" - has a default umask that is world readable - allows changing a users umask The application (sftp) overrides all this and now you're expecting the OS to override that again. Don't think so ;) -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Sorting out owner and group permissions...
hi, no does not work, since using SSH / SFTP does not involve starting a shell. so umask settings don't work. Regards, --- Mr. Olli On Di, 2009-04-21 at 14:36 +0200, Mel Flynn wrote: > On Tuesday 21 April 2009 11:17:40 Mister Olli wrote: > > hi, > > > > I have the same problem on some fileservers I do the administration for. > > But in my case the users send the files via SSH to the server. > > > > A solution for this, based on some OS mechanism would be really > > great :-) > > umask(1). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Sorting out owner and group permissions...
On Tuesday 21 April 2009 11:17:40 Mister Olli wrote: > hi, > > I have the same problem on some fileservers I do the administration for. > But in my case the users send the files via SSH to the server. > > A solution for this, based on some OS mechanism would be really > great :-) umask(1). -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Sorting out owner and group permissions...
hi, I have the same problem on some fileservers I do the administration for. But in my case the users send the files via SSH to the server. A solution for this, based on some OS mechanism would be really great :-) Anyone ever had to solve that problem? Regards, --- Mr. Olli On Mo, 2009-04-20 at 15:21 -0400, John Almberg wrote: > On Apr 20, 2009, at 2:48 PM, John Almberg wrote: > > > I have a directory called 'scans' that is owned by 'master', but I > > want to allow 'customer' to FTP images to that directory. This is > > the way I have permissions set: > > > > # ls -l > > drwxrwxr-x 5 master customer 251904 Apr 20 10:29 scans > > > > The problem is that when customer ftp's a file to the directory, > > the permissions end up like this: > > > > -rw-r- 1 customer customer 772584 Apr 20 15:28 image.jpg > > > > When a process run by 'master' tries to copy this file to another > > directory (also owned by master), I get the following: > > > > # cp scans/image.jpg thumbs/image.jpg > > cp: scans/image.jpg: Permission denied > > > > The only solution that occurs to me smells like a newbie kludge: to > > have a root cron job periodically chown all the images to > > master:customer. This seems like the proverbial sledgehammer. There > > must be a better way? > > > > Any thoughts, much appreciated! > > Well, I did figure out one way that seems reasonable... since I am > using pureftpd, I changed the upload mask in the pureftpd > configuration so new files are created with permissions like: > > -rw-r--r-- 1 customer customer 93177 Apr 20 20:12 image.jpg > > This seems like a pretty good approach, but if there's a better one, > I'm all ears! > > -- John > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Sorting out owner and group permissions...
On Apr 20, 2009, at 2:48 PM, John Almberg wrote: I have a directory called 'scans' that is owned by 'master', but I want to allow 'customer' to FTP images to that directory. This is the way I have permissions set: # ls -l drwxrwxr-x 5 master customer 251904 Apr 20 10:29 scans The problem is that when customer ftp's a file to the directory, the permissions end up like this: -rw-r- 1 customer customer 772584 Apr 20 15:28 image.jpg When a process run by 'master' tries to copy this file to another directory (also owned by master), I get the following: # cp scans/image.jpg thumbs/image.jpg cp: scans/image.jpg: Permission denied The only solution that occurs to me smells like a newbie kludge: to have a root cron job periodically chown all the images to master:customer. This seems like the proverbial sledgehammer. There must be a better way? Any thoughts, much appreciated! Well, I did figure out one way that seems reasonable... since I am using pureftpd, I changed the upload mask in the pureftpd configuration so new files are created with permissions like: -rw-r--r-- 1 customer customer 93177 Apr 20 20:12 image.jpg This seems like a pretty good approach, but if there's a better one, I'm all ears! -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"