Setting proper permissions for a dropbox and a reader only gets me half-way


Problem :

I have successfully created an ftp directory where the ftp user has only write permissions. It’s essentially a drop box. I created another user that has both read and write permissions to the directory.

If the first user is ups and the second is home this is what the permissions look like:

drwx-wx--x 3 home ups

Somehow home still can see the files within the directory but can’t manipulate them, the command “cp” fails. I can if I use the same command as su, which I know is a bad idea. Just did that to test that I had no typos.

Can someone help me figure out what I’m doing wrong?

Thanks

Solution :

If your listed permissions are part of ls -l, then the directory is owned by home in the group ups, in which case home has read permission and so can browse the directory, as well as the write permission allowing creating, renaming and deleting files.

If the user ups is in the group ups, then group permissions allows the user to create, rename and delete files, but not to browse and see which files exist in the directory. So this user can delete the files he has uploaded and any other files known to exist, but without the ability to list the directory to find out their names.

In order to use cp, home needs read access to the files in the directory, which I assume he or she doesn’t have. What you need to do is to make sure that uploaded files have read permission for home (e.g. with umask 022). This point can be confirmed if you update your question to include the file permissions within the directory.
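
The permission logic described in the answer above, as an added example that is not part of the original post: it applies the owner/group/other rule to the drwx-wx--x directory and to a file really created under umask 077 and then 022. The numeric ids, the upload umask of 077 and home not being a member of group ups are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Constructed ids for illustration; the page gives only the user names.
HOME_UID, UPS_UID, UPS_GID = 1001, 1002, 2002
DROPBOX = {"uid": HOME_UID, "gid": UPS_GID, "mode": 0o731}  # drwx-wx--x home ups


def perms(uid, gids, obj):
    """Return the rwx bits of the single class POSIX applies: owner, else group, else other.
    Root is not modelled; it bypasses these checks."""
    if uid == obj["uid"]:
        shift = 6
    elif obj["gid"] in gids:
        shift = 3
    else:
        shift = 0
    bits = (obj["mode"] >> shift) & 0o7
    return {"r": bool(bits & 4), "w": bool(bits & 2), "x": bool(bits & 1)}


def created_mode(umask):
    """Create a real file under `umask` (requested mode 0666) and return its mode."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "upload.bin")
            os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o666))
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)


def dropbox_report(upload_umask):
    """What each user can do when ups uploads a file with the given umask."""
    upload = {"uid": UPS_UID, "gid": UPS_GID, "mode": created_mode(upload_umask)}
    ups_dir = perms(UPS_UID, {UPS_GID}, DROPBOX)
    home_dir = perms(HOME_UID, set(), DROPBOX)  # assumption: home is not in group ups
    home_file = perms(HOME_UID, set(), upload)
    return {
        "ups_can_upload": ups_dir["w"] and ups_dir["x"],
        "ups_can_list": ups_dir["r"],
        "home_can_list": home_dir["r"],
        "home_can_cp": home_dir["x"] and home_file["r"],
    }


if __name__ == "__main__":
    for mask in (0o077, 0o022):
        print(oct(mask), dropbox_report(mask))
```

With umask 077 the upload is created as 0600, so home falls into the "other" class on the file and cannot read it even though it can list the directory; with umask 022 the file is 0644 and the copy is permitted.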
