Date: Fri, 18 Oct 1996 10:48:44 +600 CDT
From: "Larry Dolinar" <LARRYD@bldg1.croute.com>
To: questions@freebsd.org
Subject: umask for wuftpd differs for guest users..
Message-ID: <10E2FC9102C9@bldg1.croute.com>

We're operating an FTP server with the WU-FTP package 2.4(1) and
running a few guest accounts, and an interesting thing has come up.
The standard anonymous users (internal or external) deposit files with
permissions 664, but the users in the guest group create files with 644.
What we're trying to achieve is the following:
- anonymous access for those that don't care about privacy
- private accounts for those that don't want their files
open to the anonymous account (and don't compromise our
system either)
Additionally a few paranoid types prefer that their files aren't
available to just any accounts on the FTP server. That part is
probably debatable, but in trying to accommodate it, I set the
permissions on their /incoming and /outgoing directories to 660.
As is usual for adduser on FreeBSD, this account (call it "thing") is
user "thing" and group "thing". Select local accounts on the FTP
server are added to group "thing" to let them get at /incoming and
/outgoing files through their normal logins.
"thing" is a member of group "guest" so the access restrictions apply
during FTP access by "thing", which works fine. The select local
account ("other") is a member of group "thing" to get at files. Via
telnet, "other"s umask (2) creates files with 664, but via FTP this
becomes 644.
To summarize:
/etc/group (abbreviated):
wheel:*:0:root
operator:*:5:root
guest:*:31:thing
other:*:1008:other
thing:*:1009:thing,other
nogroup:*:65533:
nobody:*:65534:
ls -laR ~thing:
total 14
drwxr-xr-x 6 root operator 512 Oct 16 16:37 .
drwxr-xr-x 14 root wheel 512 Oct 16 09:15 ..
-r-x------ 1 thing thing 100 Oct 16 16:37 .cshrc
dr-xr-xr-x 2 root operator 512 Jun 7 15:05 bin
dr-xr-xr-x 2 root operator 512 Jun 20 12:17 etc
drwxrwx--- 2 thing thing 512 Oct 18 10:15 incoming
drwxrwx--- 2 thing thing 512 Oct 18 10:11 outgoing
./bin:
total 220
dr-xr-xr-x 2 root operator 512 Jun 7 15:05 .
drwxr-xr-x 6 root operator 512 Oct 16 16:37 ..
---x--x--x 1 root operator 65536 Jun 7 15:05 date
---x--x--x 1 root operator 147456 Jun 7 15:05 ls
./etc:
total 54
dr-xr-xr-x 2 root operator 512 Jun 20 12:17 .
drwxr-xr-x 6 root operator 512 Oct 16 16:37 ..
-rw-r--r-- 1 root operator 402 Jun 7 15:08 ftpmotd
-r--r--r-- 1 root operator 309 Jun 20 12:17 group
-r--r--r-- 1 root operator 784 Jun 20 12:17 passwd
./incoming:
total 4
drwxrwx--- 2 thing thing 512 Oct 18 10:15 .
drwxr-xr-x 6 root operator 512 Oct 16 16:37 ..
./outgoing:
total 1564
drwxrwx--- 2 thing thing 512 Oct 18 10:11 .
drwxr-xr-x 6 root operator 512 Oct 16 16:37 ..
-rw-r----- 1 other thing 684229 Oct 18 09:54 D19258.zip
-rw-r----- 1 other thing 886204 Oct 18 09:54 D19647.zip
The .cshrc is little more than a message about "no telnet" and a
logout, should "thing" try any telnet access.
Naturally "thing" can't delete "other"s files in /outgoing once he gets
them, *and he wants to*. I have no problem with that. The question
is, why does the umask change? I assume WUFTPD is forcing this. But
why not for anonymous users as well?
Last of all, /usr/local/ftpaccess:
class all real,guest,anonymous *
guestgroup guest
limit all 10 Any /etc/msgs/msg.dead
readme README* login
readme README* cwd=*
message /welcome.msg login
message .message cwd=*
compress yes local remote
tar yes local remote
banner /etc/ftpwelcome
#log commands real,guest
log transfers anonymous,guest,real inbound,outbound
shutdown /etc/shutmsg
email user@hostname
umask yes anonymous,guest,real
All suggestions welcomed.
thanks,
larry
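
Added example, not part of the original message: the two modes reported above are what a 0666 create request yields under umask 002 and umask 022. The sketch below reproduces that in a scratch directory, infers the umask from an observed mode, and lists files in a group-shared directory that lack group write. The function names are hypothetical and nothing here touches wu-ftpd or its configuration.

```shell
#!/bin/sh
# Added illustration: all paths are temporary directories created by mktemp.

# Print the octal mode of a file created (request mode 0666) under umask $1.
mode_under_umask() {
    d=$(mktemp -d) || return 1
    ( umask "$1" && : > "$d/f" ) || { rm -rf "$d"; return 1; }
    # GNU stat syntax first, then BSD stat syntax (FreeBSD).
    stat -c %a "$d/f" 2>/dev/null || stat -f %Lp "$d/f"
    rm -rf "$d"
}

# Infer the umask that turns a 0666 create request into observed mode $1.
implied_umask() {
    printf '%03o\n' $(( 0666 & ~0$1 ))
}

# List regular files under $1 that lack group write (mode bit 020), i.e.
# files that other members of the owning group cannot modify.
not_group_writable() {
    find "$1" -type f ! -perm -020 | sort
}

# Demonstration: the telnet-session umask (002) against a 022 umask.
for u in 002 022; do
    echo "umask $u -> new file mode $(mode_under_umask "$u")"
done
for m in 664 644; do
    echo "observed mode $m -> implied umask $(implied_umask "$m")"
done
```

Running `not_group_writable` against a shared drop directory shows which uploads ended up without group write, whatever process created them.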
