Changing Permissions of files.



Elliot
29th July 2007, 11:38 AM
Hi,

I have a script which a user can execute to update their files. It works for both a User and an Admin.

Files are in the following format....

filename || owner:admingroup || 770

If an admin updates the files they can sudo, chown and chmod the files so that all files and folders for that user are in the above format. That's fine.

The question is how can I make it so that if a User updates the files they can set the permissions after the update is complete?

It ends up like...

filename || owner:owner || 700

Which is no good for me.

Thanks

nspmangalore
29th July 2007, 11:54 AM
Elliot, could you rephrase your prob please?

Elliot
29th July 2007, 12:02 PM
Sure.

I will show you examples.....

-rw-r--r-- 1 dave dave 2676249 Jul 29 11:12 engine_amd.so
-rw-r--r-- 1 dave dave 2684547 Jul 29 11:12 engine_i486.so
-rw-r--r-- 1 dave dave 2666563 Jul 29 11:12 engine_i686.so

I want there to be a group for admin ftp purposes.

[dave@localhost cspriv]$ chown dave:serveradmin engine_amd.so
chown: changing ownership of `engine_amd.so': Operation not permitted

What I can do is the chmod .... so dave can do chmod 770 -R /home/dave but the admin group cannot do anything without the group being set to serveradmin.

Does this help?

Elliot
29th July 2007, 02:22 PM
I have seen some things allowing chgrp. Allowing users to chgrp, is this a security risk? If it is not, how could I do it?
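
Added example, not part of the thread: on Linux an unprivileged owner may chgrp a file only to a group the owner belongs to, so a chown to a group the caller is not in ends in "Operation not permitted". The sketch assumes an admin has already added the user to the target group (serveradmin in the thread); the function names gid_of, caller_in_group, share_tree and gid_owner are hypothetical, and getent and GNU stat are assumed to be available.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the thread).

# gid_of GROUP: numeric gid for a group name; numeric input passes through.
gid_of() {
    case $1 in
        ''|*[!0-9]*) getent group "$1" | cut -d: -f3 ;;
        *) echo "$1" ;;
    esac
}

# caller_in_group GROUP: succeed only if the calling process belongs to GROUP.
caller_in_group() {
    gid=$(gid_of "$1")
    [ -n "$gid" ] && id -G | tr ' ' '\n' | grep -qx -- "$gid"
}

# share_tree DIR GROUP: run by the owner (no sudo) after an update.
# Result: owner:GROUP, 2770 on directories, group access on files, none for others.
share_tree() {
    dir=$1 group=$2
    if ! caller_in_group "$group"; then
        echo "not a member of $group; an admin must add you first" >&2
        return 1
    fi
    chgrp -R -- "$group" "$dir" || return 1
    # setgid (the leading 2) makes files created later inherit GROUP,
    # so the next update does not fall back to owner:owner.
    find "$dir" -type d -exec chmod 2770 {} + || return 1
    # Give the group exactly what the owner has; remove access for others.
    find "$dir" -type f -exec chmod u+rw,g=u,o= {} +
}

# gid_owner PATH: numeric group owner of PATH (GNU stat).
gid_owner() { stat -c %g -- "$1"; }

# Usage, as the file owner:  share_tree /home/dave serveradmin
```

Because chgrp is limited to groups the caller is already in, it cannot hand files to a group the user has no access to; files are still created with the user's umask, so the script has to be run again after each update to restore group access.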

marcrblevins
29th July 2007, 09:09 PM
Since you are talking about ftp purposes, leave it at root:root, belongs in /var/ftp/pub, etc.

Elliot
29th July 2007, 09:58 PM
It's in /home/username .... also that would mean other users would be able to get into each other's files. I need chown or chgrp to work.

marcrblevins
30th July 2007, 06:16 AM
Oh, you meant to log in as your user name instead of anonymous.

Using?
# Uncomment this to allow local users to log in.
local_enable=YES

I didn't think vsftpd would let you see other /home directories... Never tried it myself cause I'm the only user, go figure.

Anyway, about the SELinux part. If you have it on, you need:


su -
getsebool -a | grep ftp
setsebool -P ftp_home_dir on
getsebool -a | grep ftp

Make sure you see ftp_home_dir is on.

My result.
[root@kiriyamablevins vsftpd]# getsebool -a | grep ftp
allow_ftpd_anon_write --> on
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> on
httpd_enable_ftp_server --> off
[root@kiriyamablevins vsftpd]#