Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to add a new users in proftpd server?
Operating Systems Linux Red Hat How to add a new users in proftpd server? Post 302783409 by Corona688 on Wednesday 20th of March 2013 11:45:33 AM
Old 03-20-2013
You can restrict their access to files in UNIX by using UNIX file access restrictions.

Create a 'shared' group and put user1 and user2 in it, but not user3. Then change the ownership of the directory, and restrict file access from other users, but allow the group.

Code:
groupadd shared # Create a new user group named 'shared'
usermod -a -G shared user1 # Add user1 to the group
usermod -a -G shared user2 # Add user2 to the group

chown :shared /path/to/directory # Make the group-owner of the folder 'shared'
chmod 770 /path/to/directory # The dir's owner, and the group, can write, but not anyone else.

That way, people in the 'shared' group can write to it, or the folder's own owner, but not anyone else.

As for how to get to the files with FTP, the obvious way would be to change their home directories, but if they use shell logins too, that's not so good... You can check if they belong to the 'shared' group and force them into that folder like this:

Code:
<IfGroup shared>
DefaultRoot /path/to/directory
</IfGroup>

 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Migrating all users from one linux server to another...

Hello, I've been tasked with migrating users from one linux server to another new linux server. This is how I was thinking of doing it: 1.) Open up an NFS connection between the two servers, cp -Rp /home/ to the new server and then append the old /etc/group & /etc/passwd to the existing... (2 Replies)
Discussion started by: vancouver_joe
2 Replies

2. UNIX for Advanced & Expert Users

Add users on OSX server with SSH

Hi Is it possible to add users on a Mac OSX server from a unix system with ssh? If it is what file to alter? brg Nicke (3 Replies)
Discussion started by: nicke30
3 Replies

3. UNIX for Dummies Questions & Answers

Users locked out of Server

hiya all, I have Fedora core 3 installed - as a server - onto an old PC. Root u/n and psw lets me in However, all the other accounts no longer worked. They use to work until yesterday... I now get the error at the login screen: "AUTHENTICATIONFAILED" I hope this is a common... (12 Replies)
Discussion started by: marty 600
12 Replies

4. UNIX for Advanced & Expert Users

2 users on the same server (rexec)

Hi, all. Could some one help me please with one problem? In one process (on aix) I should run some remote scripts on other server via rexec. Some scripts should be run on server1 under useridA, and some scripts should be run on the same server under useridB. I specified in .netrc... (10 Replies)
Discussion started by: Anta
10 Replies

5. Red Hat

when users ftp to server the timezone reflected is UTC but the server is set to TZ in localtime

Guys, Need your help coz my server runs in local time GMT +8, but when client use ftp and login, the resulting timestamp seen in each file is in UTC format. We need to set that the time should be the same as GMT +8 when in ftp session. I am using RHEL 5.3. root@]# ll total 1740... (2 Replies)
Discussion started by: shtobias
2 Replies

6. Linux

users can't sftp into my server

I am running a fedora core 13 server and I am having trouble with sftp. My users can connect to the server using SSH both using public key and password authentication. For some reason they are not able to connect using sftp. I'l not sure what's going on. I ran sshd in debug mode and here's... (6 Replies)
Discussion started by: emildiego
6 Replies

7. UNIX for Advanced & Expert Users

Sending Messeges To Users on a Server

I am in the process of doing testing on a backup script that will backup everyones home directories. When I run a "who" I can see the users that are logged on. How can I send these users, let say an instant message other then email to alert them that I am about ready to kick of a test backup? I... (3 Replies)
Discussion started by: metallica1973
3 Replies

8. Shell Programming and Scripting

Redirecting Users to New Server

I am new to shell scripting. I urgently need a script on a backup server that will ping the main server to check if the server is up. If the main server is down- the script should transfer the IP of the main server to the backup server. Once the main server is up again the backup server will... (7 Replies)
Discussion started by: sanmiogun
7 Replies

9. Red Hat

Script for Creating more users like 50 in one server

Hi friends could you please share me the script to create more users in one server except newusers, is there any option to change secondary group and how to print passwd and changing the age all these things how can i edit in newsers.. please help me (0 Replies)
Discussion started by: indiankrish
0 Replies

LEARN ABOUT DEBIAN

bindfs

BINDFS(1)						      General Commands Manual							 BINDFS(1)

NAME

       bindfs - mount --bind in user-space

SYNOPSIS

       bindfs [options] dir mountpoint

DESCRIPTION

       A  FUSE filesystem for mirroring the contents of a directory to another directory. Additionally, one can change the permissions of files in
       the mirrored directory.

FILE OWNERSHIP

       -u, --user, --owner=user, -o owner=...
	      Makes all files owned by the specified user.  Also causes chown on the mounted filesystem to always fail.

       -g, --group=group, -o group=...
	      Makes all files owned by the specified group.  Also causes chgrp on the mounted filesystem to always fail.

       -p, --perms=permissions, -o perms=...
	      Takes a comma- or colon-separated list of chmod-like permission specifications to be applied to the permission bits in  order.   See
	      PERMISSION SPECIFICATION below for details.

	      This  only  affects  how	the  permission bits of existing files are altered when shown in the mounted directory. You can use --cre-
	      ate-with-perms to change the permissions that newly created files get in the source directory.

	      Note that, as usual, the root user isn't bound by the permissions set here.  You can get a truly read-only mount by using -r.

       -m, --mirror=user1:user2:..., -o mirror=...
	      Takes a comma- or colon-separated list of users who will see themselves as the owners of all files. Users who are  not  listed  here
	      will still be able to access the mount if the permissions otherwise allow them to.

	      You can also give a group name prefixed with an '@' to mirror all members of a group. This will not change which group the files are
	      shown to have.

       -M, --mirror-only=user1:user2:..., -o mirror-only=...
	      Like --mirror but disallows access for all other users (except root).

       --map=user1/user2:@group1/@group2:..., -o map=...
	      Given a mapping user1/user2, all files owned by user1 are shown as owned by user2. When user2 creates files,  they  are  chowned	to
	      user1  in  the  underlying  directory. When files are chowned to user2, they are chowned to user1 in the underlying directory. Works
	      similarly for groups.

	      A single user or group may appear no more than once on the left and once on the right of a slash in  the	list  of  mappings.   Cur-
	      rently,  the  options --user, --group, --mirror, --create-for-*, --chown-* and --chgrp-* override the corresponding behavior of this
	      option.

	      Requires mounting as root.

FILE CREATION POLICY

       New files and directories are created so they are owned by the mounter.	bindfs can let this happen (the default for normal users),  or	it
       can  try  to  change  the owner to the uid/gid of the process that wants to create the file (the default for root).  It is also possible to
       have bindfs try to change the owner to a particular user or group.

       --create-as-user, -o create-as-user
	      Tries to change the owner and group of new files and directories to the uid and gid of the caller. This can work only if the mounter
	      is root.	It is also the default behavior (mimicing mount --bind) if the mounter is root.

       --create-as-mounter, -o create-as-mounter
	      All new files and directories will be owned by the mounter.  This is the default behavior for non-root mounters.

       --create-for-user=user, -o create-for-user=...
	      Tries to change the owner of new files and directories to the user specified here.  This can work only if the mounter is root.  This
	      option overrides the --create-as-user and --create-as-mounter options.

       --create-for-group=group, -o create-for-group=...
	      Tries to change the owning group of new files and directories to the group specified here.  This can work only  if  the  mounter	is
	      root.  This option overrides the --create-as-user and --create-as-mounter options.

       --create-with-perms=permissions, -o create-with-perms=...
	      Works  like --perms but is applied to the permission bits of new files get in the source directory.  Normally the permissions of new
	      files depend on the creating process's preferences and umask.  This option can be used to modify those permissions or override  them
	      completely.  See PERMISSION SPECIFICATION below for details.

CHOWN
/CHGRP POLICY
       The behaviour on chown/chgrp calls can be changed. By default they are passed through to the source directory even if bindfs is set to show
       a fake owner/group. A chown/chgrp call will only succeed if the user has enough mirrored permissions to chmod the  mirrored  file  AND  the
       mounter has enough permissions to chmod the real file.

       --chown-normal, -o chown-normal
	      Tries to chown the underlying file. This is the default.

       --chown-ignore, -o chown-ignore
	      Lets  chown  succeed  (if the user has enough mirrored permissions) but actually does nothing. A combined chown/chgrp is effectively
	      turned into a chgrp-only request.

       --chown-deny, -o chown-deny
	      Makes chown always fail with a 'permission denied' error.  A combined chown/chgrp request will fail as well.

       --chgrp-normal, -o chgrp-normal
	      Tries to chgrp the underlying file. This is the default.

       --chgrp-ignore, -o chgrp-ignore
	      Lets chgrp succeed (if the user has enough mirrored permissions) but actually does nothing. A combined  chown/chgrp  is  effectively
	      turned into a chown-only request.

       --chgrp-deny, -o chgrp-deny
	      Makes chgrp always fail with a 'permission denied' error.  A combined chown/chgrp request will fail as well.

CHMOD POLICY

       Chmod calls are forwarded to the source directory by default.  This may cause unexpected behaviour if bindfs is altering permission bits.

       --chmod-normal, -o chmod-normal
	      Tries  to  chmod	the  underlying file. This will succeed if the user has the appropriate mirrored permissions to chmod the mirrored
	      file AND the mounter has enough permissions to chmod the real file.  This is the default (in order to behave like  mount	--bind	by
	      default).

       --chmod-ignore, -o chmod-ignore
	      Lets chmod succeed (if the user has enough mirrored permissions) but actually does nothing.

       --chmod-deny, -o chmod-deny
	      Makes chmod always fail with a 'permission denied' error.

       --chmod-allow-x, -o chmod-allow-x
	      Allows setting and clearing the executable attribute on files (but not directories). When used with --chmod-ignore, chmods will only
	      affect execute bits on files and changes to other bits are discarded.  With --chmod-deny, all chmods  that  would  change  any  bits
	      except excecute bits on files will still fail with a 'permission denied'.  This option does nothing with --chmod-normal.

XATTR POLICY

       Extended attributes are mirrored by default, though not all underlying file systems support xattrs.

       --xattr-none, -o xattr-none
	      Disable extended attributes altogether. All operations will return 'Operation not supported'.

       --xattr-ro, -o xattr-ro
	      Let extended attributes be read-only.

       --xattr-rw, -o xattr-rw
	      Let  extended  attributes  be read-write (the default).  The read/write permissions are checked against the (possibly modified) file
	      permissions inside the mount.

MISCELLANEOUS OPTIONS

       -h, --help
	      Displays a help message and exits.

       -V, --version
	      Displays version information and exits.

       -n, --no-allow-other, -o no-allow-other
	      Does not add -o allow_other to FUSE options.  This causes the mount to be accessible only by the current user.

       --realistic-permissions, -o realistic-permissions
	      Hides read/write/execute permissions for a mirrored file when the mounter doesn't have read/write/execute access to  the	underlying
	      file.  Useless when mounting as root, since root will always have full access.

	      (Prior  to  version  1.10  this option was the default behavior.	I felt it violated the principle of least surprise badly enough to
	      warrant a small break in backwards-compatibility.)

       --ctime-from-mtime, -o ctime-from-mtime
	      Recall that a unix file has three standard timestamps: atime (last access i.e. read time), mtime (last  content  modification  time)
	      ctime (last content or metadata (inode) change time)

	      With  this  option,  the	ctime  of  each file and directory is read from its mtime.  In other words, only content modifications (as
	      opposed to metadata changes) will be reflected in a mirrored file's ctime.  The underlying file's ctime will still be  updated  nor-
	      mally.

       --hide-hard-links, -o hide-hard-links
	      Shows the hard link count of all files as 1.

FUSE OPTIONS

       -o options
	      Fuse options.

       -r, -o ro
	      Make  the mount strictly read-only.  This even prevents root from writing to it.	If this is all you need, then (since Linux 2.6.26)
	      you can get a more efficent mount with mount --bind and then mount -o remount,ro.

       -d, -o debug
	      Enable debug output (implies -f).

       -f     Foreground operation.

       -s     Disable multithreaded operation. bindfs should be thread-safe.

PERMISSION SPECIFICATION

       The -p option takes a comma- or colon-separated list of either octal numeric permission bits or symbolic representations of permission  bit
       operations.  The symbolic representation is based on that of the  chmod(1) command.  setuid, setgid and sticky bits are ignored.

       This program extends the chmod symbolic representation with the following operands:

       `D' (right hand side)
	   Works like X but applies only to directories (not to executables).

       `d' and `f' (left hand side)
	   Makes this directive only apply to directories (d) or files (f).
	   e.g. gd-w would remove the group write bit from all directories.

       `u', `g', `o' (right hand side)
	   Uses the user (u), group (g) or others (o) permission bits of
	   the original file.
	   e.g. g=u would copy the user's permission bits to the group.
		ug+o would add the others' permissions to the owner and group.

       Examples

       o-rwx  Removes all permission bits from others.

       g=rD   Allows group to read all files and enter all directories, but nothing else.

       0644,a+X
	      Sets permission bits to 0644 and adds the execute bit for everyone to all directories and executables.

       og-x:og+rD:u=rwX:g+rw
	      Removes execute bit for others and group, adds read and directory execute for others and group, sets user permissions to read, write
	      and execute directory/executable, adds read and write for group.

EXAMPLES


       bindfs -u www -g nogroup -p 0000,u=rD ~/mywebsite ~/public_html/mysite

	      Publishes a website in public_html so that only the 'www' user can read the site.

       bindfs -M foo,bar,1007,@mygroup -p 0600,u+X dir mnt

	      Gives access to 'foo', 'bar', the user with the UID 1007 as well as everyone in the group 'mygroup'. Sets  the  permission  bits	to
	      0600, thus giving the specified users read/write access, and adds the user execute bit for directories and executables.

       bindfs -ono-allow-other,perms=a-w somedir somedir

	      Makes a directory read-only and accessable only by the current user.

       bindfs#/home/bob/shared /var/www/shared/bob fuse perms=0000:u+rD 0 0

	      An example /etc/fstab entry. Note that the colon must be used to separate arguments to perms, because the comma is an option separa-
	      tor in /etc/fstab.

NOTES

       Setuid and setgid bits have no effect inside the mount.	This is a necessary security feature of FUSE.

       MacFuse caches file contents by default.  This means that changes in source files are not always immediately visible under the mount point.
       -o nolocalcaches can be used to disable the cache.

BUGS

       Please report to the issue tracker on the project home page at http://code.google.com/p/bindfs/

AUTHOR

       Martin Partel <martin dot partel at gmail dot com>

SEE ALSO

       chmod(1), fusermount(1)

																	 BINDFS(1)
All times are GMT -4. The time now is 07:46 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy