Re: Sorting out owner and group permissions...
hi, I have the same problem on some fileservers I do the administration for. But in my case the users send the files via SSH to the server. A solution for this, based on some OS mechanism would be really great :-) Anyone ever had to solve that problem? Regards, --- Mr. Olli On Mo, 2009-04-20 at 15:21 -0400, John Almberg wrote: On Apr 20, 2009, at 2:48 PM, John Almberg wrote: I have a directory called 'scans' that is owned by 'master', but I want to allow 'customer' to FTP images to that directory. This is the way I have permissions set: # ls -l drwxrwxr-x 5 master customer 251904 Apr 20 10:29 scans The problem is that when customer ftp's a file to the directory, the permissions end up like this: -rw-r- 1 customer customer 772584 Apr 20 15:28 image.jpg When a process run by 'master' tries to copy this file to another directory (also owned by master), I get the following: # cp scans/image.jpg thumbs/image.jpg cp: scans/image.jpg: Permission denied The only solution that occurs to me smells like a newbie kludge: to have a root cron job periodically chown all the images to master:customer. This seems like the proverbial sledgehammer. There must be a better way? Any thoughts, much appreciated! Well, I did figure out one way that seems reasonable... since I am using pureftpd, I changed the upload mask in the pureftpd configuration so new files are created with permissions like: -rw-r--r-- 1 customer customer 93177 Apr 20 20:12 image.jpg This seems like a pretty good approach, but if there's a better one, I'm all ears! -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sorting out owner and group permissions...
On Tuesday 21 April 2009 11:17:40 Mister Olli wrote: hi, I have the same problem on some fileservers I do the administration for. But in my case the users send the files via SSH to the server. A solution for this, based on some OS mechanism would be really great :-) umask(1). -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sorting out owner and group permissions...
hi, no does not work, since using SSH / SFTP does not involve starting a shell. so umask settings don't work. Regards, --- Mr. Olli On Di, 2009-04-21 at 14:36 +0200, Mel Flynn wrote: On Tuesday 21 April 2009 11:17:40 Mister Olli wrote: hi, I have the same problem on some fileservers I do the administration for. But in my case the users send the files via SSH to the server. A solution for this, based on some OS mechanism would be really great :-) umask(1). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sorting out owner and group permissions...
On Tuesday 21 April 2009 15:13:47 Mister Olli wrote: no does not work, since using SSH / SFTP does not involve starting a shell. so umask settings don't work. Then you're using the wrong system for the task. The OS can't make assumptions about what the ownership/modes of a file should really be, if an application is telling it they should be different. This is why more mature FTP daemons allow modes/ownerships to be set on upload. The OS already: - gives a new file group of the containing directory so it is easy to create shared files in a shared directory - has a default umask that is world readable - allows changing a users umask The application (sftp) overrides all this and now you're expecting the OS to override that again. Don't think so ;) -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sorting out owner and group permissions...
Hi, I understand your point. But since a application can modify it to a arbritary value there must be some way to keep the app from doing nasty stuff. FreeBSD has MAC implementations ;-))) Regards, --- Mr. Olli On Di, 2009-04-21 at 17:02 +0200, Mel Flynn wrote: On Tuesday 21 April 2009 15:13:47 Mister Olli wrote: no does not work, since using SSH / SFTP does not involve starting a shell. so umask settings don't work. Then you're using the wrong system for the task. The OS can't make assumptions about what the ownership/modes of a file should really be, if an application is telling it they should be different. This is why more mature FTP daemons allow modes/ownerships to be set on upload. The OS already: - gives a new file group of the containing directory so it is easy to create shared files in a shared directory - has a default umask that is world readable - allows changing a users umask The application (sftp) overrides all this and now you're expecting the OS to override that again. Don't think so ;) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sorting out owner and group permissions...
On Apr 20, 2009, at 2:48 PM, John Almberg wrote: I have a directory called 'scans' that is owned by 'master', but I want to allow 'customer' to FTP images to that directory. This is the way I have permissions set: # ls -l drwxrwxr-x 5 master customer 251904 Apr 20 10:29 scans The problem is that when customer ftp's a file to the directory, the permissions end up like this: -rw-r- 1 customer customer 772584 Apr 20 15:28 image.jpg When a process run by 'master' tries to copy this file to another directory (also owned by master), I get the following: # cp scans/image.jpg thumbs/image.jpg cp: scans/image.jpg: Permission denied The only solution that occurs to me smells like a newbie kludge: to have a root cron job periodically chown all the images to master:customer. This seems like the proverbial sledgehammer. There must be a better way? Any thoughts, much appreciated! Well, I did figure out one way that seems reasonable... since I am using pureftpd, I changed the upload mask in the pureftpd configuration so new files are created with permissions like: -rw-r--r-- 1 customer customer 93177 Apr 20 20:12 image.jpg This seems like a pretty good approach, but if there's a better one, I'm all ears! -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
