[Cialug] Permissions Assistance Please?

David Champion dchampion at visionary.com
Wed Jan 30 12:41:23 CST 2008


Props to proftpd. I switched to it a long time ago, and I wouldn't think 
about going back to something else like the WU ftp server (shudders).

I was wondering if you could do the permissions on a user ACL basis, and 
just have people use their browser to go to ftp://<your site>.

-dc

Matthew Nuzum wrote:
> Using proftpd I do something like this:
>
> <Directory /path/to/upload/Ftp>
>    <Limit RETR, SITE, READ, LIST, MKD, DELE, RMD, CDUP, CWD, MDTM, NLST, RNFR, XCUP, XCWD, XPWD>
>         DenyAll
>    </Limit>
>    HideUser  www-data
>    GroupOwner www-data
>    Umask 011
> </Directory>
>
> But better yet is to use webdav, which is incredibly easy now that apache2
> is common. Using webdav means the files will be owned by the webserver
> automatically.
>
> The problem with using a php upload script is that I don't like messing with
> the max upload size of PHP nor do I like long-running apache processes.
> Using either of the above, the file can be as large as you have free disk
> space.
>
> On Jan 30, 2008 12:03 PM, Nathan C. Smith <nathan.smith at ipmvs.com> wrote:
>
>   
>> I'm trying to create an FTP "drop-box".  I'd like to make it easy for
>> clients to drop files off and easy for internal people to retrieve the
>> files.  Right now I am using vsftpd and I have a directory set up under
>> /home/ftp called upload for new files.
>>
>> So far the FTP part works fine.  An anonymous user can drop files into the
>> upload folder and they cannot see (ls -lasp etc.) anything that is in the
>> folder.
>>
>> The problem is that I would like to set up a web server that does a
>> directory listing of the files that are in the anonymous drop box.  Right
>> now the web server runs as www-data and vsftp runs as ftp.
>>
>> Here are the permissions on the upload folder right now:
>>
>> 4 drwx-ws-wx 2 root root    4096 Jan 30 11:53 upload/
>>
>> Is there a way to make this work using permissions alone or do I have to
>> change the user one of the services runs as?  If I set everything to 777 it
>> works but I lose the privacy in the ftp directory I was going for.  ls -lasp
>> will show all the files on the site.
>>
>> I could use some help or a little lesson in permissions.
>>
>> As an aside, this isn't going to be in place 24x7.  I will use a rule in the
>> firewall to flip the FTP availability to 'on' only when we know we have a
>> large inbound file.
>>
>> Thanks.
>>
>> -Nate
>>     
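
Added example, not part of the original thread: a small model of how Unix picks the owner, group or other permission class for a directory, applied to the drop-box modes discussed above. The account names and group memberships are constructed, and the third layout (group www-data with r-x) is an assumption for illustration, not a configuration anyone in the thread posted.

```python
import stat

def parse_mode(sym):
    """Convert an `ls -l` string such as 'drwx-ws-wx' to numeric mode bits."""
    masks = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
             stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
             stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
    special = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}
    bits = 0
    for i, ch in enumerate(sym[1:10]):
        if ch in "rwxst":            # lowercase s/t: execute plus special bit
            bits |= masks[i]
        if ch in "sStT":             # uppercase S/T: special bit without execute
            bits |= special[i]
    return bits

def dir_access(sym, owner, group, user, user_groups):
    """What a non-root `user` may do in the directory.

    The kernel picks exactly one class (owner, else group, else other);
    a denial in the matching class is not rescued by a later class.
    """
    mode = parse_mode(sym)
    shift = 6 if user == owner else 3 if group in user_groups else 0
    r, w, x = ((mode >> shift) & bit for bit in (4, 2, 1))
    return {
        "list": bool(r and x),    # read names and stat them (ls -l, web index)
        "create": bool(w and x),  # drop a new file into the directory
    }

# Constructed accounts: service name -> (user, groups it belongs to)
ACCOUNTS = {"ftp": ("ftp", {"ftp"}), "web": ("www-data", {"www-data"})}

def report(sym, owner, group):
    return {svc: dir_access(sym, owner, group, u, g)
            for svc, (u, g) in ACCOUNTS.items()}

if __name__ == "__main__":
    layouts = [("drwx-ws-wx", "root", "root"),      # as posted
               ("drwxrwxrwx", "root", "root"),      # the 777 experiment
               ("drwxr-s-wx", "root", "www-data")]  # assumed group layout
    for sym, owner, group in layouts:
        print(sym, owner, group, report(sym, owner, group))
```

Directory bits only decide listing and creation; whether the web server can read an uploaded file depends on the mode the FTP server gives that file, which is what the Umask line in the proftpd snippet controls (vsftpd's anon_umask defaults to 077).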



