g.lams@itcilo.org wrote:
Hi All,
On one of my SuSE 9.0 boxes, I have a distance learning platform based on PHP and MySQL. The web designers have FTP access to its folder (unfortunately they never use ssh), and I gave them access by creating virtual users (I'm using proftpd).
The permissions on this folder are the following (1001 and 1001 are my respective virtual user and virtual proftp group):
    drwxrwxr-x 6 1001 1001 4096 Jul 14 19:43 platform
This platform allows the upload of files from the web. The problem is that when a file is uploaded, it takes the permissions of the apache owner, like the following:
    drwxrwxrwx 2 1001 1001 4096 Jul 15 14:30 .
    drwxrwxrwx 3 1001 1001 4096 Jul 12 19:16 ..
    -rw-r--r-- 1 wwwrun www 19456 Jul 15 14:29 prova.doc
Which means that my ftp users are not able to work on those files. Also, to allow the upload of files, for the time being I gave write access to "the world" for this upload folder.
Any advice or security best practice regarding this problem would be appreciated.
Have a nice day
Gael
Hi!

Your problem is not that the directory is not accessible to the users, but the files created by the real ftp-users. Proftpd is a little bit difficult to configure, but maybe there is an option for file creation. If there is no such option, run a cron script on your upload dir that sets the correct file rights (e.g. every hour).

I personally use vsftpd. There is an option for adding virtual users and for file creation (chown/chmod) to say for which user/group and rights uploads will be set. With pure-ftpd you will be able to add virtual users and set upload rights as well.

In the manpages/howtos (/usr/share/doc/packages/_PACKAGENAME_) there are many examples of how to configure these ftp servers. Here you will find examples for proftpd, too.

I hope this helps.

Philippe
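
The hourly cron job suggested in the reply above could look like the following. This is an added example, not part of the original thread; the script path, the upload path and the function name fix_upload_perms are assumptions, and 1001 is the virtual proftpd group from the original post.

```shell
#!/bin/sh
# Hourly cron job for the upload directory (added example, not from the thread).
# Assumed root crontab entry; script path and upload path are placeholders:
#   0 * * * * /usr/local/sbin/fix-upload-perms.sh /PATH/TO/platform/UPLOAD_DIR 1001

fix_upload_perms() {
    dir=$1      # upload directory written to by the web server
    group=$2    # group the FTP users belong to (1001 in the post)

    # Refuse a symlink in place of the directory, so the job cannot be
    # redirected to another part of the filesystem.
    [ -d "$dir" ] && [ ! -L "$dir" ] || {
        echo "fix_upload_perms: not a real directory: $dir" >&2
        return 1
    }

    # -type f matches regular files only, so symlinks dropped into the
    # upload directory are skipped. Only files with the wrong group or
    # mode are touched: they get the FTP group and mode 664, which gives
    # the group write access and removes any world-write or execute bit.
    find "$dir" -xdev -type f \( ! -group "$group" -o ! -perm 664 \) \
        -exec chgrp "$group" {} + -exec chmod 664 {} +
}

# Run only when called with arguments, e.g. from cron.
if [ "$#" -ge 2 ]; then
    fix_upload_perms "$1" "$2"
fi
```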