Mailinglist Archive: opensuse-security (297 mails)

Re: [suse-security] Virtual virtual users don't have access to files uploaded from the web
  • From: Philippe Vogel <filiaap@xxxxxxxxxx>
  • Date: Fri, 16 Jul 2004 12:41:41 +0200
  • Message-id: <40F7B0E5.3080005@xxxxxxxxxx>
g.lams@xxxxxxxxxx wrote:

Hi All,

On one of my SuSe 9.0 Box, I've a distance learning platform based on php and MySQL.
The web designers have ftp access to its folder (unfortunately they never use ssh) and I gave them access creating virtual users (I'm using proftpd).

The permissions on this folder are the following (1001 and 1001 are my respective virtual user and virtual proftp group):
drwxrwxr-x 6 1001 1001 4096 Jul 14 19:43 platform

This platform allows the upload of files from the web. The problem is that when a file is uploaded, it takes the permissions of the apache owner, like the following:
drwxrwxrwx 2 1001 1001 4096 Jul 15 14:30 .
drwxrwxrwx 3 1001 1001 4096 Jul 12 19:16 ..
-rw-r--r-- 1 wwwrun www 19456 Jul 15 14:29 prova.doc

Which means that my ftp users are not able to work on those files. Also, to allow the upload of files, for the time being I gave write access to "the world" for this upload folder.

Any advice or security best practice regarding this problem would be appreciated.

Have a nice day

Gael

Hi!

Your problem is not that the directory is not accessible to the users, but the files created by the real ftp-users. Proftpd is a little bit difficult to configure, but maybe there is an option for file creation. If there is no option, run a cron script on your upload dir that sets the correct file rights (e.g. every hour).

I personally use vsftpd. There is an option for adding virtual users and one for file creation (chown/chmod) to say which user/group and rights uploads will be set to. With pure-ftpd you will be able to add virtual users and set upload rights as well.

In the manpages/howtos (/usr/share/doc/packages/_PACKAGENAME_) there are many examples of how to configure these ftp servers. Here you will find examples for proftpd, too.

I hope this helps.

Philippe
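
The hourly cron script suggested in the reply could look like the following. It is an added example, not part of the original post: the function name and the paths in the comments are hypothetical, and 1001 is the virtual FTP group from the question. It also drops the world-write bit the question mentions and skips symlinks, since a root job that changes permissions inside a web-writable directory must not touch files outside it.

```shell
#!/bin/sh
# Added example (not from the original thread). Intended to run as root
# from cron, e.g. (hypothetical paths):
#   0 * * * * root /usr/local/sbin/fix_upload_perms.sh /srv/www/htdocs/platform/upload 1001
#
# fix_upload_perms DIR GROUP
#   DIR    upload directory the web server (wwwrun) writes into
#   GROUP  group shared by the FTP virtual users (1001 in the thread)
fix_upload_perms() {
    dir=$1
    group=$2

    # Refuse to start from a symlink or a non-directory.
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1

    # Directories: hand them to the FTP group, set the setgid bit so files
    # created later by wwwrun inherit that group, and remove world write.
    find "$dir" -xdev -type d \
        -exec chgrp "$group" {} + \
        -exec chmod u+rwx,g+rwxs,o-w {} +

    # Regular files only: -type f never matches symlinks, so a link placed
    # in the upload directory is not followed to files elsewhere.
    find "$dir" -xdev -type f \
        -exec chgrp "$group" {} + \
        -exec chmod ug+rw,o-w {} +
}

# Allow direct use as a script: fix_upload_perms.sh DIR GROUP
if [ $# -eq 2 ]; then
    fix_upload_perms "$1" "$2"
fi
```

With the setgid bit on the directory, new uploads already arrive in the FTP group; the cron run is still needed to add group write, because the web server's umask decides the initial mode.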
