DaemonForums  

#1 disappearedng, 7th July 2008
Pureftp and changing permissions

How do I change permission for a whole group?
Hi everyone. I am using Pureftpd and I have come to the following questions (which are not related to pureftpd).

1) How do you change permission for the whole group?
2) I have created a new group vftp (for virtual ftp) and a user vftp. If I want to add more users (let's say user1) in pureftpd via pure-pw useradd, will that add user1 into the group vftp or something else?
3) How do I change permission of a symbolic link? If I do not want a specific group to access it, what can I do?
4) How do you remove symbolic links safely?
#2 scottro (Scott Robbins), 7th July 2008

You can remove a symbolic link without removing the thing that it links to.

As for pure-ftpd, I have a little page on it, that might or might not be useful.
http://www.scottro.net/qnd/qnd-pureftpd.html
#3 disappearedng, 8th July 2008

Ok that is quite detailed but not exactly what I am looking to do.

What I want to do is to set a specific directory so that the ftpusers using my ftp can only read but not write to one specific folder, let's say data. I don't want them to go to higher directories and want to jail them to whatever their home directories are located.

Let's say data is located under /usr/home and I want my ftp users to be able to go into their own directories AND /usr/home/data. I do not want them to access anything above Data. They can only read but not write and certainly not execute.

I know this is very similar to the concept of jails but the internet has only referred me to ssh jails.

Thx
#4 disappearedng, 8th July 2008

To be more specific:
I want to perform the following properties for my FTP users:
1) Can't create, can't execute and only read.
2) If I add a person to this group, he/she will inherit the same properties as the group.
3) Make /usr/home/data visible to these users, and they are only able to go to their default home directory (I think a symbolic link will solve that, but I don't want them to go to the symbolic link and do a #cd ..)

thx
#5 scottro (Scott Robbins), 8th July 2008

I think you'll have to play around with symlinks and permissions. Off the top of my head, I think that if you chroot them to their home directory and symlink /usr/share/data to the home directory, they shouldn't be able to get into that and cd up from it. However, that's not tested.

In the case where I've set up similar things, we used Linux and Linux ACLs, so I can't be sure if the advice I give above will work or not.
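
One way to apply and then verify the "read only, no create, no execute" group policy asked about in this thread, as an added example that is not part of any post. The function names and the demo tree are made up for illustration; group ownership of the real directory (for example with chgrp) is assumed to be set separately, since that needs root.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are made up here.

# Apply the policy to the tree at $1: the group may read and traverse,
# others get nothing, and no regular file is executable. find does not
# follow symlinks, so a link inside the tree never causes chmod to touch
# whatever it points at.
make_readonly() {
    # Directories keep x (search), or group members could not enter them.
    # Files lose every execute bit and are group-readable only.
    find "$1" -type d -exec chmod g=rx,o= {} + &&
    find "$1" -type f -exec chmod a-x,g=r,o= {} +
}

# Print each entry that breaks the policy; exit status 0 means clean.
audit_readonly() {
    bad=$(
        # Group-writable, or any access at all for "other".
        find "$1" \( -type d -o -type f \) \
            \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print
        # Regular files that kept an execute bit for owner or group.
        find "$1" -type f \( -perm -100 -o -perm -010 \) -print
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Demo on a constructed tree in a temporary directory (sample data).
demo=$(mktemp -d)
mkdir -p "$demo/data/sub"
printf 'sample\n' > "$demo/data/sub/report.txt"
chmod -R 777 "$demo/data"
audit_readonly "$demo/data" >/dev/null || echo "before: violations found"
make_readonly "$demo/data"
audit_readonly "$demo/data" && echo "after: clean"
rm -rf "$demo"
```

Anyone later added to the directory's owning group gets exactly the group bits set here, because the mode is stored on the files and not per user.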