[Cialug] Permissions Assistance Please?
Josh More
morej at alliancetechnologies.net
Wed Jan 30 12:12:24 CST 2008
I faced this problem a few years ago and couldn't get it secure enough.
I eventually came up with two solutions:
1) Have a watcher that moves the files once they stop growing, have
apache refer to the new location with new permissions. (Some nasty race
conditions can occur here.)
2) Write a PHP upload system with an administrative function. (We did
this one).
We've actually turned the PHP-based solution into a product. However,
as this is not a commercial, contact me off list if you want to see it.
-Josh More, RHCE, CISSP, NCLP, GIAC
morej at alliancetechnologies.net
515-245-7701
>>> "Nathan C. Smith" <nathan.smith at ipmvs.com> 01/30/08 12:03 PM >>>
I'm trying to create an FTP "drop-box". I'd like to make it easy for
clients to drop files off and easy for internal people to retrieve the
files. Right now I am using vsftpd and I have a directory set up under
/home/ftp called upload for new files.
So far the FTP part works fine. An anonymous user can drop files into
the upload folder and they cannot see (ls -lasp etc.) anything that is
in the folder.
The problem is that I would like to set up a web server that does a
directory listing of the files that are in the anonymous drop box.
Right now the web server runs as www-data and vsftp runs as ftp.
Here are the permissions on the upload folder right now:
4 drwx-ws-wx 2 root root 4096 Jan 30 11:53 upload/
Is there a way to make this work using permissions alone or do I have to
change the user one of the services runs as? If I set everything to 777
it works but I lose the privacy in the ftp directory I was going for.
ls -lasp will show all the files on the site.
I could use some help or a little lesson in permissions.
As an aside, this isn't going to be in place 24x7. I will use a rule in
the firewall to flip the FTP availability to 'on' only when we know we
have a large inbound file.
Thanks.
-Nate
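
The mode strings discussed above, decoded, as an added example that is not part of the thread: it converts an ls-style mode to octal and reports what the group and other classes may do in the directory. The third mode (drwxr-s-wx, with the directory's group assumed to be the one www-data belongs to) is a hypothetical layout neither poster proposed, and the function names are made up here.

```shell
#!/bin/sh
# Added example (not from the thread): decode an ls-style directory mode.

# Convert a 10-character mode string (e.g. drwx-ws-wx) to 4-digit octal.
mode_to_octal() {
    case $1 in ??????????) ;; *) return 1 ;; esac
    perms=${1#?}                      # drop the file-type character
    special=0; digits=""; weight=4    # weight: setuid=4, setgid=2, sticky=1
    while [ -n "$perms" ]; do
        rest=${perms#???}; t=${perms%"$rest"}; perms=$rest
        bits=0
        case $t in r??) bits=$((bits + 4)) ;; esac
        case $t in ?w?) bits=$((bits + 2)) ;; esac
        case $t in ??[xst]) bits=$((bits + 1)) ;; esac
        case $t in ??[sStT]) special=$((special + weight)) ;; esac
        digits=$digits$bits; weight=$((weight / 2))
    done
    echo "$special$digits"
}

# Print what one class (owner, group or other) may do in the directory:
# list = read names, create = add/remove entries (w and x), enter = traverse.
dir_rights() {
    oct=$(mode_to_octal "$1") || return 1
    case $2 in
        owner) d=${oct#?};  d=${d%??} ;;
        group) d=${oct#??}; d=${d%?} ;;
        other) d=${oct#???} ;;
        *) return 1 ;;
    esac
    out=""
    [ $((d & 4)) -ne 0 ] && out="$out list"
    [ $((d & 3)) -eq 3 ] && out="$out create"
    [ $((d & 1)) -ne 0 ] && out="$out enter"
    out=${out# }
    echo "${out:-none}"
}

# First two modes are from the post; the third is the hypothetical layout.
for mode in drwx-ws-wx drwxrwxrwx drwxr-s-wx; do
    printf '%s (%s): group=[%s] other=[%s]\n' "$mode" \
        "$(mode_to_octal "$mode")" \
        "$(dir_rights "$mode" group)" "$(dir_rights "$mode" other)"
done
```

With the posted mode, www-data and ftp both fall in "other" and neither can list; 777 gives "other" the list right, which is the privacy loss described. This covers the directory only; whether the web server can read the uploaded files depends on the modes the FTP server gives them.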