Enter other users' directories

MasterC · 11-24-2002, 11:55 PM

How can I make it so a regular user can enter other users' directories? On the same system of course. So let's say I setup user cool, and user dork. I want user cool to be able to enter user dork's home directory (/home/dork) and also have permissions xw and r, while not taking any permissions away from user dork.

Any ideas?

Cool

MasterC · 11-24-2002, 11:58 PM

btw, I have tried simply making them all part of the same group and chowning the directory to that group, but no dice...

Let me tell you what I *really* want to do, maybe you can help me better that way

I have user ftp on the system. And the users home directory (/home/ftp) is the anonymous chroot for anonymous login on my ftp server. I want user masterc to be able to enter that home directory, place files in there, and remove files as well. I have added masterc to the ftp group, but no dice, and owner:group of the /home/ftp and subdirectories/files is ftp:ftp

So, now, any ideas?

Cool

neo77777 · 11-25-2002, 12:14 AM

Here, http://mechfire.net/warftpd/allowing.htm

But honestly, what your ftpusers should say about you, may be it says no-no Chad noway you can get in?

MasterC · 11-25-2002, 12:20 AM

Thanks for the link Boris

Hey, did you get my email? If not, I am wondering if you remember that security program that displays the access info when you go to your homepage. So if I pointed my browser to http://masterc.no-ip.org/security

Or something like that, it would display info about my site...

Anyway, thanks again for the link.

Cool

MasterC · 11-25-2002, 12:24 AM

Well, on that site it describes how to enter a directory on an ftp...

What I mean to do is a little different. On my box, not via ftp, I want my regular user to be able to basically have complete control over /home/ftp but still allow this to be seen and used by anonymous login. So I don't *think* I should change any perm's on this directory as it would dork up the ability for the anonymous folks to see the files...

Unless I am missing something, which I usually am.

Cool

neo77777 · 11-25-2002, 12:40 AM

It is puresecure from dmarc http://www.demarc.com/
What about ftpusers and ftpaccess files?

MasterC · 11-25-2002, 12:49 AM

That's it! Thanks for security program link

Ftpusers and ftpaccess file... I will have to check into that... I am not sure... Thanks for some ideas though.

Cool

moses · 11-25-2002, 12:55 AM

So, set the gid bit on /home/ftp, add your cool users to group ftp, change
ownership of /home/ftp to ftp:ftp, and you should be good to go. . .

You said something about "no dice", but do you mean masterc doesn't have
free access to the tree, or that anonymous ftp doesn't?

Did you have masterc do a newgrp (or log off and log back in)?

MasterC · 11-25-2002, 08:57 AM

Mornin!

Set the gid bit? That might be something I haven't done, but I don't know how.. Yeah, cool user is in group ftp, ownership of /home/ftp is ftp:ftp, so I am thinking maybe all I need to do is the gid bit, but how?

What I meant by no dice is that masterc doesn't have free access. Anonymous ftp is workin like a charm though, and that's what I am trying to not dork up.

newgrp is new to me as well, but I have logged off and back in several times since I set masterc to be part of that group.

Cool

Ciccio · 11-25-2002, 02:50 PM

make them part of the same group and chown the direcotry to that group... after that chmod the direcotry so the group can have full access... that should do it...

PS: I am now following you... hehe

Save teh penguin

moses · 11-25-2002, 03:03 PM

The gid bit is like the uid bit, it causes everything under /home/ftp to have
the same group executable permissions as /home/ftp.
man chmod
You may have to do a
newgrp ftp
at least once before you are considered part of the group, though that
doesn't seem right.
man newgrp

MasterC · 11-25-2002, 09:12 PM

Ok, so I am reading man chmod, and I think this is a very important section, and probably the one with part of my answer in it, but I am having problems figuring part of it out:

Quote:

The letters `rwxXstugo' select the new permissions for the
affected users: read (r), write (w), execute (or access
for directories) (x), execute only if the file is a direc-
tory or already has execute permission for some user (X),
set user or group ID on execution (s), sticky bit (t), the
permissions that the user who owns the file currently has
for it (u), the permissions that other users in the file's
group have for it (g), and the permissions that other
users not in the file's group have for it (o). (Thus,
`chmod g-s file' removes the set-group-ID (sgid) bit,
`chmod ug+s file' sets both the suid and sgid bits, while
`chmod o+s file' does nothing.)

So it says that x on a directory allows users to enter it? So if I 'chmod -R 733 /home/ftp' then I will allow my user (masterc) access, and then write priviledges?

Or am I reading that wrong?

Also it goes on, talking about setting the "g" bit. Is that something else that I need to set to allow my "other" (I only have 3 users on my system, root, me (masterc) and lfs, well and ftp if he counts

) users access?

I will be reading man newgrp here in a minute, and will get back on that.

Thanks for the ideas on what to man though.

Cool

MasterC · 11-25-2002, 09:15 PM

Whoa, ok. So newgrp isn't permenent then, it's just for a specific session, a sort of su. If I newgrp - ftp then I will gain those perms, I see. Thanks for that, that'll help alot, especially if I can't figure out this chmod business.

Cool

moses · 11-26-2002, 12:28 AM

You have to allow read acces to the group that own /home/ftp.
chmod 770 /home/ftp (probably -R) (do you need anyone else to be able
to read or write to that dir, besides the ftp group and the ftp user?)
The executable bit on a directory modifies the ability for that dir to be
statted, which affects everything under it (if a dir isn't executable, you
can't read anything, write anything, etc. under it).

MasterC · 11-27-2002, 12:57 AM

Cool, ok thanks for the clarification. I am workin like a mutha lately, and haven't had time to try this out, and a few other things that I have been thinking of, but will very soon.

Thanks again for the ideas and commands et al.

Cool