From owner-freebsd-questions@FreeBSD.ORG Thu Nov 25 14:42:10 2010
Date: Thu, 25 Nov 2010 09:42:04 -0500
From: Nathan Vidican
To: Dave
Cc: freebsd-questions@freebsd.org
Subject: Re: new user questions. (Before I back myself into a corner!)
In-Reply-To: <4CED8855.23373.40E2965D@dave.g8kbv.demon.co.uk>
References: <4CED8855.23373.40E2965D@dave.g8kbv.demon.co.uk>

On Wed, Nov 24, 2010 at 4:49 PM, Dave wrote:
> Hi again.
>
> Firstly, many thanks for the responses to my questions.  Much
> appreciated.  Especially as on other "lesser" forums (Lugs etc) I often
> get flamed for asking such stuff, and learn nothing as a result.
>
>
> OK.  The FTP thing first....  Just for the heck of it, trying to use
> the built in server daemon, "because it's there" etc....
>
> I've sort of got the default FTP server up and running thanks to the
> hints from you all, but pound to a penny, it's not optimally configured,
> yet.
>
> I have two users defined, "ral" and "faros" (easy to remember, as they
> are the names of the two external automated systems I intend to have send
> data to the small website, when that's done.)  Each with a unique
> password.
>
> Both are also members of a group "webupdater".
>
> (As an aside, creating users, regardless of what "shell" I pick from the
> list, I get "unknown root shell" warnings as adduser completes.)
>
> Both users can connect to the ftp server (still stuck at port 21 for now,
> but I'm manually starting it from the root command line) and log in with
> their username and password.
>
> (Both can also login to the system from the console too, not what I
> wanted, but......  I did try the "nologin" shell, but that prevents them
> from logging in to the FTP server too.)
>
> However, each user sees its own unique homedir folder, exactly as
> described in the man pages, but I'd like them to see the folder structure
> below by default.
>
> I have created a directory '/var/site' and from that some descendant
> directories that mimic the existing site on the other machine.
>
> /site       < the "root" folder for the FTP and WWW system.
> /site/60m
> /site/faros
> /site/faros/fixedimages
> /site/faros/parking
>
> I've been trying to use Groups, and the ftpchroot file, to get the
> "users" to see the /site directory as their root (for compatibility with
> the way things work on the other system, so I don't have to change
> existing batch and script files when I get to point them at this box) or
> their individual data directory 60m for ral and 'Faros' for Faros.
>
> However, the pages for that feature are a little thin in content detail
> that I can use.
> (I'm looking at the man pages and handbook files on the
> freebsd.org site)
>
> I have this in /etc/ftpchroot
> @webupdater     /var/site
>
> And indeed, logging into the ftp server as either faros, or ral, the
> default directory is indeed the /site folder as I wish.  As ftp users,
> they can traverse the tree downwards as needed, but not upwards from
> /site back to /var.  Nice.
>
> But, neither user can read write or even see anything in those
> directories (only the descendant directories are visible.)
>
> Without that entry in ftpchroot, then I can indeed ftp stuff
> up/down/sideways to/from each user's home folder, but that's not a lot of
> use for what I want.
>
> I sort of understand the way the rights work (I think) but as yet I can't
> see a way to assign group rights to a folder tree.
>
> Navigating my way there in the console, if I do a ls -l, then I see
> what's sort of expected.
> drwxr-xr-x  #  root  wheel  512  date  time  subfolder    etc.....
> (# is a number)  (when logged in as root, somewhat less, when logged in
> as ral or faros, but I can still list and read stuff.)
>
> Of course, the group "webupdater" is not listed, hence its users won't be
> able to see or do anything.
>
> What have I missed?  Can I assign group rights to a folder structure?
> Or, am I going about this all wrong.
>
> Problems and unfamiliarity aside, I'm sort of enjoying all this.  But
> it's a near vertical learning curve, again...
>
> Best regards, time for the kettle to start work I think.
>
> Dave B.
>
> PS:  I saw somewhere, that pureftp has had some recent security
> troubles.
> Can't find the details right now though.
>
> Ah..  Here we are....
> http://www.vuxml.org/freebsd/533d20e7-f71f-11df-9ae1-000bcdf0a03b.html
> Like yesterday!
>
> Mind you, looking at its features and abilities, I think I already need
> a second FreeBSD machine to play with to check this stuff out on.
>

Two commands of interest here, 'chmod' and 'chown'. I'd highly suggest
reading the manpage on both, but here's the short/quick-start version:

chmod
- used to change permissions for a file or directory
- permissions are broken down into: 2=read, 4=write, 1=execute
- permissions are displayed in groups of three, corresponding to owner-group-everyone else
- so chmod 666 means "make owner,group,everyone each able to read(2) plus write(4) (2+4=6)"
- the first number indicating the owner of the file's permission, the second the group, and the last everyone
- so when you noted seeing "drwxr-xr-x" - that's 755 (owner read+write+execute(7), group read+execute (5), everyone else read+execute(5))
- in order for a user to 'cd' to a directory, the execute permission must be set
- to answer your original question then, "chmod 775 " would then change the permissions so that the group can write as well

chown
- used to change ownership of a file or directory
- can change owner, or group ownership
- syntax is "chown user:group "

As far as the FTP thing goes, you need to make sure that the shell you
assign the user is listed in /etc/shells - that's what the system
'standard' ftpd is looking for.

--
Nathan Vidican
nathan@vidican.com
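
The group-permission change discussed in this thread, as an added example that is not part of the original messages: it converts an `ls -l` mode string to octal using the chmod(1) bit values, then applies group ownership and mode 775 to a scratch copy of the /var/site layout. The function names are hypothetical, and the caller's own primary group stands in for "webupdater" so it runs without root.

```sh
#!/bin/sh
# Added example (not from the thread). Octal values per chmod(1):
# read=4, write=2, execute=1, one digit each for owner, group, other.

# mode_to_octal MODE: turn the first column of `ls -l` into octal.
mode_to_octal() {
    perms=${1#?}                    # drop the type character (d, -, l)
    out=""
    for i in 1 2 3; do
        rest=${perms#???}
        triplet=${perms%"$rest"}    # next three characters
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac
        out=$out$digit
        perms=$rest
    done
    printf '%s\n' "$out"
}

# group_can_write MODE: succeeds when the group triplet has the w bit.
group_can_write() {
    case $1 in ?????w*) return 0 ;; *) return 1 ;; esac
}

# demo_site_mode: constructed scratch copy of the /var/site layout from
# the question. The caller's own primary group stands in for
# "webupdater" (an assumption) so the demo runs without root.
demo_site_mode() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/site/60m" "$root/site/faros/fixedimages" \
             "$root/site/faros/parking"
    # On the real box this would be: chown -R root:webupdater /var/site
    chgrp -R "$(id -g)" "$root/site"
    chmod -R 775 "$root/site"
    mode=$(ls -ld "$root/site/faros" | cut -c1-10)
    rm -rf "$root"
    mode_to_octal "$mode"
}

before="drwxr-xr-x"    # the mode reported in the question
echo "before: $(mode_to_octal "$before")"
group_can_write "$before" || echo "group cannot write yet"
echo "after:  $(demo_site_mode)"
```

The scratch tree holds only directories; on a tree that also contains regular files, `chmod -R 775` marks those files executable as well, so directories and files are usually given separate modes.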