Making the user uftp1 a member of dba, or oraprod a member of ftp, may lead to a security hole, as either way will open the door for the uftp1 or the oraprod user to have access to the resources which ftp or dba is the owner of.
Creating a separate group for uftp1 and oraprod is a better approach.
But the best approach in terms of security in this scenario would be to make use of an ACL and the SGID bit. I will explain the approach here:
1. Suppose /u01 is the directory in question. Make oraprod and dba the owners of the directory:
2. Give 770 permission on /u01:
3. Turn on the SGID bit on /u01 so that when the uftp1 user creates any file in the directory, the group owner of the directory (dba) will have the ownership of the newly created file by default rather than ftp. This will help the oraprod user to have permission on the file as it's a member of the group.
4. Now you have to set an ACL for the user uftp1 on /u01. The syntax varies depending on whether it's a ZFS or UFS filesystem.
For ZFS:
For UFS:
That's it, and you are all set up.
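The four steps above as a script, added here as an example; these are not the poster's commands, which are missing from the page. It assumes root on a Solaris host and uses the names from the post (/u01, oraprod, dba, uftp1); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the poster's commands. /u01, oraprod, dba and uftp1 are
# the names used in the post; the function names are hypothetical.

# Steps 1-3: owner and group, mode 770, plus the SGID bit (the leading 2).
setup_shared_dir() {   # usage: setup_shared_dir DIR OWNER GROUP
    chown "$2:$3" "$1" && chmod 2770 "$1"
}

# Step 4 on ZFS (Solaris NFSv4-style ACL entry added with chmod A+).
grant_acl_zfs() {      # usage: grant_acl_zfs DIR USER
    chmod A+user:"$2":read_data/write_data/execute:allow "$1"
}

# Step 4 on UFS (POSIX-draft ACL; -r recalculates the mask entry).
grant_acl_ufs() {      # usage: grant_acl_ufs DIR USER
    setfacl -r -m user:"$2":rwx "$1"
}

# Check the result: mode must read drwxrws--- (a trailing "+" just means an
# ACL is present) and a file created inside must take the directory's group.
verify_shared_dir() {  # usage: verify_shared_dir DIR
    dir=$1
    set -- $(ls -ld "$dir")
    mode=$1 dgroup=$4
    case $mode in
        drwxrws---*) ;;
        *) echo "unexpected mode on $dir: $mode" >&2; return 1 ;;
    esac
    probe="$dir/.sgid_probe.$$"
    touch "$probe" || return 1
    set -- $(ls -l "$probe")
    fgroup=$4
    rm -f "$probe"
    [ "$fgroup" = "$dgroup" ]
}

# Run as root on the Solaris host: sh thisfile --apply zfs   (or: ufs)
if [ "${1:-}" = "--apply" ]; then
    setup_shared_dir /u01 oraprod dba &&
    "grant_acl_${2:-zfs}" /u01 uftp1 &&
    verify_shared_dir /u01 && echo "/u01 is set up"
fi
```

The ACL is applied after the mode change on purpose: on ZFS a later chmod can discard ACL entries, depending on the dataset's aclmode property.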
ftpconfig(1M) System Administration Commands ftpconfig(1M)
NAME
ftpconfig - set up anonymous FTP
SYNOPSIS
ftpconfig [ftpdir]
ftpconfig -d ftpdir
DESCRIPTION
The ftpconfig script is executed by the super user to set up anonymous FTP. Anonymous FTP allows users to remotely log on to the FTP server
by specifying the user name ftp or anonymous and the user's email address as password. The anonymous users are logged on to the FTP
Server and given access to a restricted file area with its own file system root. See chroot(2). The FTP area has its own minimal system
files.
This command will copy and set up all the components needed to operate an anonymous FTP server, including creating the ftp user account,
creating device nodes, copying /usr/lib files, and copying timezone data. The passwd and group files set up have been stripped down to
prevent malicious users from finding login names on the server. The anonymous file area will be placed under ftpdir. If the ftp user
account already exists, then the current FTP area is used, and the system files in it are updated. All other files are left untouched. This
command should be run to update the anonymous FTP area's configuration whenever a system patch is installed, or the system is upgraded.
OPTIONS
-d Create a new or update an existing ftpdir without creating or updating the ftp user account. Use this option when creating guest
FTP user accounts.
OPERANDS
The following operands are supported:
ftpdir The absolute pathname of the directory under which the anonymous FTP area is set up.
EXIT STATUS
The following exit values are returned:
0 Successful completion
1 Improper usage of the command
2 Command failed
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWftpu |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
ftpaddhost(1M), in.ftpd(1M), useradd(1M), chroot(2), attributes(5)
SunOS 5.10 1 May 2003 ftpconfig(1M)