new user questions. (Before I back myself into a corner!)

Nathan Vidican nathan at vidican.com
Thu Nov 25 14:42:10 UTC 2010


On Wed, Nov 24, 2010 at 4:49 PM, Dave <dave at g8kbv.demon.co.uk> wrote:

> Hi again.
>
> Firstly, many thanks for the responses to my questions.  Much
> appreciated.   Especially as on other "lesser" forums (Lugs etc) I often
> get flamed for asking such stuff, and learn nothing as a result.
>
>
> OK.   The FTP thing first....   Just for the heck of it, trying to use
> the built in server daemon, "because it's there" etc....
>
> I've sort of got the default FTP server up and running thanks to the
> hints from you all, but pound to a penny, it's not optimally configured,
> yet.
>
> I have two users defined, "ral" and "faros" (easy to remember, as they
> are the names of the two external automated systems I intend to have send
> data to the small website, when that's done.) Each with a unique
> password.
>
> Both are also members of a group "webupdater".
>
> (As an aside, creating users, regardless of what "shell" I pick from the
> list, I get "unknown root shell" warnings as adduser completes.)
>
> Both users can connect to the ftp server (still stuck at port 21 for now,
> but I'm manually starting it from the root command line) and log in with
> their username and password.
>
> (Both can also login to the system from the console too, not what I
> wanted, but......   I did try the "nologin" shell, but that prevents them
> from logging in to the FTP server too.)
>
> However, each user sees its own unique homedir folder, exactly as
> described in the man pages, but I'd like them to see the folder structure
> below by default.
>
> I have created a directory '/var/site' and from that some descendant
> directories that mimic the existing site on the other machine.
>
> /site                           < the "root" folder for the FTP and WWW
> system.
> /site/60m
> /site/faros
> /site/faros/fixedimages
> /site/faros/parking
>
> I've been trying to use Groups, and the ftpchroot file, to get the
> "users" to see the /site directory as their root (for compatibility with
> the way things work on the other system, so I don't have to change
> existing batch and script files when I get to point them at this box) or
> their individual data directory 60m for ral and 'Faros' for Faros.
>
> However, the pages for that feature are a little thin in content detail
> that I can use.  (I'm looking at the man pages and handbook files on the
> freebsd.org site)
>
> I have this in /etc/ftpchroot
> @webupdater /var/site
>
> And indeed, logging into the ftp server as either faros, or ral, the
> default directory is indeed the /site folder as I wish.  As ftp users,
> they can traverse the tree downwards as needed, but not upwards from
> /site back to /var.  Nice.
>
> But, neither user can read write or even see anything in those
> directories (only the descendant directories are visible.)
>
> Without that entry in ftpchroot, then I can indeed ftp stuff
> up/down/sideways to/from each user's home folder, but that's not a lot of
> use for what I want.
>
> I sort of understand the way the rights work (I think) but as yet I can't
> see a way to assign group rights to a folder tree.
>
> Navigating my way there in the console, if I do a ls -l, then I see
> what's sort of expected.
> drwxr-xr-x # root  wheel 512 date time subfolder     etc.....
> (# is a number)   (when logged in as root, somewhat less, when logged in
> as ral or faros, but I can still list and read stuff.)
>
> Of course, the group "webupdater" is not listed, hence its users won't be
> able to see or do anything.
>
> What have I missed?   Can I assign group rights to a folder structure?
> Or, am I going about this all wrong.
>
> Problems and unfamiliarity aside, I'm sort of enjoying all this.  But
> it's a near vertical learning curve, again...
>
> Best regards, time for the kettle to start work I think.
>
> Dave B.
>
> PS:     I saw somewhere, that pureftp has had some recent security
> troubles.
> Can't find the details right now though.
>
> Ah..  Here we are....
> http://www.vuxml.org/freebsd/533d20e7-f71f-11df-9ae1-000bcdf0a03b.html
> Like yesterday!
>
> Mind you, looking at its features and abilities, I think I already need
> a second FreeBSD machine to play with to check this stuff out on.
>
> >><<

Two commands of interest here, 'chmod' and 'chown'. I'd highly suggest
reading the manpage on both, but here's the short/quick-start version:

chmod
 - used to change permissions for a file or directory
 - permissions are broken down into: 2=read, 4=write, 1=execute
 - permissions are displayed in groups of three, corresponding to
owner-group-everyone else
 - so chmod 666 means "make owner, group, everyone each able to read(2) plus
write(4)" (2+4=6)
   - the first number indicating the owner's permissions, the
second the group's, and the last everyone else's
 - so when you noted seeing "drwxr-xr-x" - that's 755 (owner
read+write+execute (7), group read+execute (5), everyone else read+execute (5))
 - in order for a user to 'cd' to a directory, the execute permission must
be set
 - to answer your original question then, "chmod 775 <dir_name>" would then
change the permissions so that the group can write as well

chown
 - used to change ownership of a file or directory
 - can change owner, or group ownership
 - syntax is "chown user:group <dir_name>"

As far as the FTP thing goes, you need to make sure that the shell you
assign the user is listed in /etc/shells - that's what the system 'standard'
ftpd is looking for.

-- 
Nathan Vidican
nathan at vidican.com
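
The permission change discussed in this thread, as an added example that is not part of either message: it decodes an `ls -l` mode string into octal digits using the chmod(1) values (read=4, write=2, execute=1) and applies 775 to the directories of a constructed copy of the /site tree. The temp-directory path and the function names are assumptions made for the example; the group assignment is shown only as a comment because it needs root and an existing `webupdater` group.

```shell
#!/bin/sh
# Added example. The tree is constructed in a temp directory, not the real /var/site.

# Convert an ls-style mode string (e.g. drwxr-xr-x) to octal digits,
# using the chmod(1) values read=4, write=2, execute=1.
mode_to_octal() {
    perms=${1#?}                       # drop the file-type character
    out=""
    for who in owner group other; do
        triplet=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        n=0
        case $triplet in r??) n=$((n + 4)) ;; esac
        case $triplet in ?w?) n=$((n + 2)) ;; esac
        case $triplet in ??[xst]) n=$((n + 1)) ;; esac   # s/t imply execute
        out="$out$n"
    done
    printf '%s\n' "$out"
}

# Octal mode of one directory, read from the first 10 characters of ls -ld.
dir_mode() {
    mode_to_octal "$(ls -ld "$1" | cut -c1-10)"
}

# Build the tree from the thread, start at 755, then give the group write.
demo() {
    root=$(mktemp -d "${TMPDIR:-/tmp}/site.XXXXXX")
    mkdir -p "$root/site/60m" "$root/site/faros/fixedimages" \
             "$root/site/faros/parking"
    find "$root/site" -type d -exec chmod 755 {} +
    before=$(dir_mode "$root/site/faros")
    # On the real host, as root, the group would be assigned first:
    #   chown -R root:webupdater /var/site
    # Directories only, so uploaded files are not made executable.
    find "$root/site" -type d -exec chmod 775 {} +
    after=$(dir_mode "$root/site/faros")
    rm -rf "$root"
    printf '%s %s\n' "$before" "$after"
}

demo
```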

