I need to allow members of the group 'ftpusers' to be able to change permissions on all objects inside a certain directory. I was looking into how to do it but all I have found is how to do it on BSD:
chmod +a "ftpgroup allow writesecurity" /some/dir
I need exactly the same thing but for Debian/GNU.
Thanks
-
Just give the 'ftpusers' write permissions and ownership on that directory:
chgrp ftpusers <directory> chmod g+rwx <directory>And then set the GID bit so all new files inherit group ownership:
chmod g+s <directory>Drasko : That was my thought exactly but it doesn't work, I get 'Operation not permitted' if I try to change anythingVitaliy : What are the current permissions?Drasko : drwxrwxr-x 9 drasko ftpgroup 4096 2010-03-25 10:20 dirnameFrom Vitaliy -
One solution (which I've had to use) is a cron job going through and changing the permissions of a specified directory and files under it. Not pretty but it works.
If you want to extend the ability of users to change this, you might consider allowing the users from the ftpgroup to allow chmod within the specified directory with an appropriate rule using sudo.
Or you can make a shell script which does the appropriate checks and does the function, and make that program allowed to be run via sudo. I do not suggest nor recommend a set-uid shell script.
From mdpc -
Only the owner of a file or root is permitted to change permissions in Linux (write access != permission change access)
The only way I can think of is using sudo. I don't know if that would do the trick, and I'd be exceedingly cautious about how you specify the sudo rules so that the users don't have any additional privileges.
Note that if they are connecting using an FTP server, sudo probably won't be the answer.
From Slartibartfast
0 comments:
Post a Comment