Re: thorny (for me) permissions problem



On Tue, Oct 07, 2008 at 08:54:36AM -0400, John Almberg wrote:
The following permissions problem has me stumped:

1. User A uploads a file (using ftp) to the server, into a directory
called 'data' owned by user B. Permissions on directory set to allow
this, like this:
drwxrwxr-x 2 user_b user_b 512 Oct 7 08:40 data

This implies that User A's account is in group "user_b".

2. A cron job, run by user B, then processes the file

3. When the processing is complete, the cron job needs to delete the
file from the server

4. However, after upload, the file has the ownership A:B (i.e., owned by
A, group B) with permissions -rw-r--r--. So B does not have permission to
delete the file.

This doesn't make sense. Any user in "group B" (the group that's
assigned to the "data" directory) should be able to remove files
in that directory.

That means:

1) Any user in the group called "user_b",
2) The user "user_b" himself.

See below.

The ftp user can manually change the permissions on the file to -rw-
rw-r--, but I do not want to depend on the user remembering to change
permissions. If he forgets, the cronjob will process the file over and
over again. I need the server to handle this, so it gets done correctly
100% of the time.

B does not have sufficient permissions to delete the file or change its
permissions. The only thing I can think of is to have ANOTHER cron job,
run by A, run every few minutes to check for the existence of a file, and
change the permissions so B can delete it. But this smells like a kludge
to me.

Is there a correct way to handle this? For instance, is there something I
can set in A's profile, so when he uploads a file, the group permission
is set to rw? That would be a nice clean way to do it, but I can't find
anything like that.

What you're describing is understandable, but something is wrong with
the setup or description of the problem. Here's proof of what I'm
talking about:

# egrep 'somegroup' /etc/group
somegroup:*:9999:bob,jim

# id bob
uid=2000(bob) gid=1000(users) groups=1000(users),9999(somegroup)
# id jim
uid=2001(jim) gid=1000(users) groups=1000(users),9999(somegroup)

Both of these users are in group "somegroup". So let's make some
directories and files:

drwxrwxr-x 2 jim somegroup 2 Oct 7 06:22 data/
-rw-r----- 1 bob somegroup 0 Oct 7 06:22 data/somefile

In this scenario, user "jim" will be able to remove "somefile", as
can be seen here:

# su jim
% id -a
uid=2001(jim) gid=1000(users) groups=1000(users),9999(somegroup)

% ls -l
total 1
-rw-r----- 1 bob somegroup 0 Oct 7 06:22 somefile
% rm somefile
override rw-r----- bob/somegroup for somefile? y
% ls -l
total 0

So, possibly the FTP server you're using does not inherit users' groups,
only GIDs?

--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
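The permission rules Jeremy demonstrates above, as an added Python model (not code from the thread): deletion is decided by write+search on the directory, the file's own mode only decides whether an interactive rm asks its "override ...?" question, and a daemon that skips supplementary groups cannot write to a group-writable directory at all. It also covers the sticky bit, which the thread does not mention. All UIDs, GIDs and modes are constructed.

```python
# Added model (not from the thread) of the POSIX checks behind the
# question: who may unlink() a file, and when rm(1) prompts.
from dataclasses import dataclass

R, W, X = 4, 2, 1           # permission bits within one rwx triplet
STICKY = 0o1000

@dataclass(frozen=True)
class Inode:
    owner: int
    group: int
    mode: int               # e.g. 0o775; may include STICKY

@dataclass(frozen=True)
class Cred:
    uid: int
    gid: int                # primary gid
    groups: tuple = ()      # supplementary gids (what initgroups(3) sets)

def has_perm(node: Inode, cred: Cred, bit: int) -> bool:
    """Classic owner/group/other check (root is treated as all-powerful)."""
    if cred.uid == 0:
        return True
    if cred.uid == node.owner:
        return bool(node.mode & (bit << 6))
    if node.group == cred.gid or node.group in cred.groups:
        return bool(node.mode & (bit << 3))
    return bool(node.mode & bit)

def can_unlink(directory: Inode, target: Inode, cred: Cred) -> bool:
    """unlink() needs write+search on the directory, not on the file; a
    sticky directory additionally limits removal to file/dir owner or root."""
    if not (has_perm(directory, cred, W) and has_perm(directory, cred, X)):
        return False
    if directory.mode & STICKY and cred.uid not in (target.owner, directory.owner, 0):
        return False
    return True

def rm_prompts(target: Inode, cred: Cred) -> bool:
    """rm(1) asks 'override ...?' only when the file is not writable by the
    caller and stdin is a tty; rm -f never asks (cron jobs have no tty)."""
    return not has_perm(target, cred, W)

# Constructed scenario mirroring the thread: user_a=2000 (primary gid
# 1000, supplementary user_b=9999), user_b=2001 (primary gid 9999).
DATA   = Inode(owner=2001, group=9999, mode=0o775)      # drwxrwxr-x user_b user_b
UPLOAD = Inode(owner=2000, group=9999, mode=0o644)      # -rw-r--r-- user_a user_b
USER_A = Cred(uid=2000, gid=1000, groups=(1000, 9999))
USER_A_NO_SUPP = Cred(uid=2000, gid=1000)               # daemon skipped initgroups
USER_B = Cred(uid=2001, gid=9999)
```

With these inputs `can_unlink(DATA, UPLOAD, USER_B)` is true while `rm_prompts(UPLOAD, USER_B)` is also true, so a cron job running as B should call `rm -f` rather than rely on an answer to the prompt.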

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
