vftpd issue regarding file permissions and user rights - linux

My system is:
Ubuntu 10.04 / Apache2
The question is related to the sofware vftpd - an ftp server for linux (https://security.appspot.com/vsftpd.html)
I have installed vftpd and it works fine. I am having an issue though trying to understand why users are able to delete files which are owned by root. I have set up the ftp server with the option "local_enable=YES" and also "chroot_local_user=YES" so that the users cannot navigate outside their home directory.
The strange thing is that if a file is owned by root, the ftp users are able to delete it. Is a user able to delete any file in the home directory regardless of who owns it?
I want to prevent users from being able to delete files, or allow other users to only have read access to the home directories of other users.
If anyone knows the vftpd software and can help i´d be most grateful,
yours,
Rob

Have you checked which is the chmod of the files? If all files belongs to the same group, and the group have read and write privileges, any user can modify the files through ftp.

Related

how to block off permission to all folders but one in C Drive

I have just set up a new user for ftp connection first time. I am trying to block off all permissions on all c drive folders but their their user folder. Currently they can see files in the windows folder which I tried changing using the properties and security deny permission for user, but it didnt allow me to do it.
Whats the best way to set this up? And block all visual access to folders but their own user folder.
Any questions, let me know and I'll clarify as best as I can.
Can use bitvise to restrict users to a root directory without touching any permissions on the directory itself

retrieving files from NAS linux network in PHP

I'm working on a php project where a particular feature will have to access the files stored from an external directory:Network Attached Storage(linux). Lets say the path is /volume1/accounts and this is mounted in the linux server where my site is hosted using apache. I will have to retrieve files from that directory. is there a way in PHP to do that? My client says that its already been mounted.
No matter what I do I cant access using these test codes
print "<pre>".print_r(scandir("/volume1/accounts/"), true)."</pre>";
print "<pre>".print_r(scandir("192.168.0.233/volume1/accounts"), true)."</pre>";
print "<pre>".print_r(scandir("192.168.0.233:/volume1/accounts"), true)."</pre>";
How am I suppose to do it? Please help me.
Generally, PHP engine is executed with apache server's privileges. So mounted directory has no permissions or ownership for apache server, It'll be not able to show file lists. Could you try to make directory on /volume1/accounts/ and change ownership and permissions? If apache server is working with apache:apache ownership, please change ownership of directory as same.

Linux file permissions and Java problems (permission retention)

I run servers on my Linux Server (Ubuntu) and there's a bit of a problem. It may seem simple to fix, however I don't think it is. The servers run in my username (server), however, others access certain files with different users via FTP. Because the server is running in my username, whenever a plugin creates new files, they do not have permission to edit etc.
I have tried putting the users into groups and then allowing group access to that folder (even for new files), but had no luck. Every time they need to edit the files, I need to chmod -R 777 it.
I thought about running the servers in their usernames, however that would produce complications. Is it actually possible to make new files retain the permissions of the parent (or a top folder)? All the solutions I've found doesn't seem to work.
Not for users but for groups. You can:
chmod g+s parent_dir
chgrp shared_group parent_dir
If you create files inside it, that files will have the group of the folder (shared_group).

joomla directory permission problem

I have installed joomla on my new account . All the files are showing the FTP username as the owner of files . But when i go to joomla admin section and check directory permissions , it says the few folders are unwritable .
Does it mean that admin page is using different user than FTP username
Its not about ownership, usually its about permissions. If you want to understand it all - there is a quite extensive FAQ
http://forum.joomla.org/viewtopic.php?t=121470
Short one - look into the the test results - note the files and directories to be changed. Depending on the security configuration of your Web server the recommended default permissions is:
755 for directories
644 for files
change them. For Filezilla (a free ftp client - my best guess on what you are using) a good tutrial how change file permissions is :
http://www.codeunit.co.za/2008/07/18/remotely-changing-multiple-linux-file-permissions-with-filezilla/
Since the owner usually has the most rights, changing the ownership of all files to the http-server process owner could also work' but then again - you would have to do this each time and its not possible via ftp.
Yes, if this is hosted on apache, the apache server usually runs as user www-data.

Not able to delete directory

I am having a frequent problems with my web hosting (its shared)
I am not able to delete or change permission for a particular directory. The response is,
Cannot delete. Directory may not be empty
I checked the permissions and it looks OK. There are 100's of files in this folder which I don't want.
I contacted my support and they solved it saying it was permission issue. But it reappeared. Any suggestions?
The server is Linux.
You can't rmdir a directory with files in it. You must first rm all files and subdirectories. Many times, the easiest solution is:
$ rm -rf old_directory
It's entirely possible that some of the files or subdirectories have permission limitations that might prevent them from being removed. Occasionally, this can be solved with:
$ chmod -R +w old_directory
But I suspect that's what your support people did earlier.
This could also be because your FTP client might not be showing the hidden files (like cache, or any hiddn files that your application might create), while the hidden files are preventing you from deleting the directory. (though, in your case, I am not sure if this is the cause .. .it could be permission issue with your hosting provider.. Webserver running as another user (like apache or www) combined with your directories having global write perms).
I assume that's a response from an FTP server?
Usually, a message from an FTP server really means it. If it says the directory is not empty, there might be certain files you cannot see that exists in the directory which maybe one of:
Your PHP/JSP/ASP/whatever scripts may run under a different user account thus creating files which you may not be able to see/delete
Is your hosting's web interface run under your FTP account? There might be conflicting permissions there if you manage some files from the web interface and then later via FTP.
Hosting server/operating system files created unintentionally e.g. from the hosting's web interface
If it comes from a script, write a one-time throw-away script that delete the files and that directory and then uploads and executes it.
And just to be sure, some FTP server doesn't support direct directory deletion, you need all the files first, is that the case?

Resources