1

I have successfully created an ftp directory where the ftp user has only write permissions. It's essentially a drop box. I created another user that has both read and write permissions to the directory.

If the first user is ups and the second is home this is what the permissions look like:

drwx-wx--x 3 home ups

Somehow home still can see the files within the directory but can't manipulate them; the command "cp" fails. I can if I use the same command as su, which I know is a bad idea. Just did that to test that I had no typos.

Can someone help me figure out what I'm doing wrong?

Thanks

1 Answer

0

If your listed permissions are part of ls -l, then the directory is owned by home in the group ups, in which case home has read permission and so can browse the directory, as well as the write permission allowing creating, renaming and deleting files.

If the user ups is in the group ups, then group permissions allow the user to create, rename and delete files, but not to browse and see which files exist in the directory. So this user can delete the files he has uploaded and any other files known to exist, but without the ability to list the directory to find out their names.

In order to use cp, home needs read access to the files in the directory, which I assume he or she doesn't have. What you need to do is to make sure that uploaded files have read permission for home (e.g. with umask 022). This point can be confirmed if you update your question to include the file permissions within the directory.

  • You're correct, despite the fact that for the directory I have:
    drwx-wx--x 3 home ups 4096 Aug 15 18:18
    files within the directory it states:
    -rw------- 1 ups ups 285928 Aug 14 19:06 data1.txt
    So obviously I don't have a full grasp of how permissions work. I figured home having all permissions to the directory would include the directory's contents.
    Commented Aug 15, 2018 at 18:20
  • It's logical, but confusing for anyone who has worked with Windows, where basic file permissions determine some of the directory options, such as deletion, that are controlled by the directory permissions in Unix/Linux. Also, there is no deny read option in the basic permissions, though there is if you use ACLs.
    – AFH
    Commented Aug 15, 2018 at 19:00
  • Forgive my denseness @AFH but then how can I make it so that home has all rights over ups while keeping ups to write only permission? Yes, am stuck in a Windows frame of mind.
    Commented Aug 18, 2018 at 21:27
  • I tried umask 022 under home, but in the end any file uploaded by ups is still listed with ups as owner and group.
    Commented Aug 18, 2018 at 23:36
  • The umask value affects the permissions, but not ownership: any files created by a user will be owned by that user with the associated group. So umask 022 will give -rw-r--r--, assuming the creator doesn't want executable permission, but this mask needs to be in the file creator's account, ups, so that ups can read and write the file through owner permissions, and home, being in the same ups group, can therefore read and copy it through group permissions.
    – AFH
    Commented Aug 19, 2018 at 0:40
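
The permission logic discussed in the answer and comments above, as an added example that is not part of the original thread: a small Python model of the owner/group/other check, applied to the directory and file modes quoted in the thread. That home is a member of group ups is the answer's assumption; root (su) bypasses these checks and ACLs are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    mode: int    # permission bits, e.g. 0o731
    owner: str
    group: str

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset

def allowed(user, node, want):
    """Basic Unix check: exactly one class (owner, group or other) applies."""
    if user.name == node.owner:
        bits = (node.mode >> 6) & 7
    elif node.group in user.groups:
        bits = (node.mode >> 3) & 7
    else:
        bits = node.mode & 7
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return bits & need == need

def can_list(user, d):              # ls needs read on the directory
    return allowed(user, d, "r")

def can_create_or_delete(user, d):  # needs write + search on the directory
    return allowed(user, d, "wx")

def can_read_file(user, d, f):      # cp source: search on directory, read on file
    return allowed(user, d, "x") and allowed(user, f, "r")

def created_mode(umask, requested=0o666):
    return requested & ~umask       # umask clears bits, never changes ownership

# Values from the thread; group membership of home in ups is assumed.
dropbox = Node(0o731, "home", "ups")             # drwx-wx--x home ups
home = User("home", frozenset({"home", "ups"}))
ups = User("ups", frozenset({"ups"}))
data1 = Node(0o600, "ups", "ups")                # -rw------- ups ups
fixed = Node(created_mode(0o022), "ups", "ups")  # uploaded with umask 022 set for ups

if __name__ == "__main__":
    for u in (home, ups):
        print(u.name, "list:", can_list(u, dropbox),
              "create/delete:", can_create_or_delete(u, dropbox),
              "read data1.txt:", can_read_file(u, dropbox, data1),
              "read after umask 022:", can_read_file(u, dropbox, fixed))
```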
