FTP users - one to upload, and one read only

user · November 1, 2009, 9:10pm

so i’m trying to setup an FTP box that will have a few departmental accounts on it, and want to set it up so that there is one account that can upload and delete files, and one that is just read only.

I thouhgt I could get away with this by creating upload_user and download_user accounts, and making both account have the same home directory /ftp.

problem is that when i upload with the upload_user account, and then try and go in and download the files with the download user account, it fails because the file that was uploaded is owned by the upload user.

anybody have any suggestions on how to accomplish this?

Thanks!

ab · November 1, 2009, 11:06pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is there a way to set the umask when using the FTP service? For example
if the umask is set to 022 then the permissions should be such that
anybody can read the file regardless of their identity.

With that in mind is there a reason you are using FTP with usernames? It
is completely insecure as it sends usernames, passwords, and all other
data (the files) in the clear.

Good luck.

bernie1774 wrote:
> so i’m trying to setup an FTP box that will have a few departmental
> accounts on it, and want to set it up so that there is one account that
> can upload and delete files, and one that is just read only.
>
> I thouhgt I could get away with this by creating upload_user and
> download_user accounts, and making both account have the same home
> directory /ftp.
>
> problem is that when i upload with the upload_user account, and then
> try and go in and download the files with the download user account, it
> fails because the file that was uploaded is owned by the upload user.
>
> anybody have any suggestions on how to accomplish this?
>
> Thanks!
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJK7gZSAAoJEF+XTK08PnB5jIMP/RhTZS1bDXMfvBuOMrGxXrX/
ndjVjmZhGpGIVMcblWILBsGhVWg3VJqhy4UQf+/qgP+4YaI7KNkoetu7gOIRRtI+
XGAtsMa36+RjslIjlj0L5KuDvluENq3raTXMR41r4rAeG7Ebz13//92jJGHnxzh1
IhDq0CP6cW2rJKO32blges07OuSllnkQAwMuco1czoyC1+HhHcIFzNw9Z5PQ7L5u
MnTmPkekYyxlxaDV8oIi1p2oavyX0dZmEZjgLzx7RKZ7OVqnJKBwsRlMKBdiv3tS
n8RrX8dzZj5SchuozvFbE1do1+W8S12+4XhxnO3MH/2MUrnqwGsFZKXzVIUJnhiV
jxRLEsDmLCw7SsZ3nBMIR4Gq8w0Tylu3w5r2waK8PSok4Xzc+Wmvr+FmDdzPBbzK
LqrwKZy+SYqEZb05yNwuo+zrWcRI1evka7k/iZXdCkPKM22S8Jgq1kScQaGl3EjY
A5jkmRn0KNRlvKqeAd0UJqThX0VTbSIyaS5gtdFiof7m2KNHPUvyvYX7aEcdUxwd
EajjDXexBGy29kwZLSD/CKjGicymfAQYnNFQUZq1LQ1rTf3Oc4c3lHhOfDqmqlMl
VhgcnSleZGhjXICXCrBurQEXVXr1FFPtNn9/6GV9aUg0859dFxjzS9t2jcom/6cs
S4pSG8yQBqGGoxM1n07K
=hA67
-----END PGP SIGNATURE-----

user · November 2, 2009, 1:02am

we are in a controlled network that is heavily firewalled, and this is a stand alone box with a few generic logins, hardly high security.

i’m runnign VSFTPd, not sure if you can set umask for it or not

ab · November 2, 2009, 1:57pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Google found this for me; may help:

http://www.linuxquestions.org/questions/linux-software-2/vsftp-umask-question-168393/

Good luck.

bernie1774 wrote:
> we are in a controlled network that is heavily firewalled, and this is a
> stand alone box with a few generic logins, hardly high security.
>
> i’m runnign VSFTPd, not sure if you can set umask for it or not
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJK7tc+AAoJEF+XTK08PnB51rMQAM8aykyeHbP5/31dFfJCAYay
TeaoGDSwWsEbpoAueBSN0DeBGNCm0/sqEw4AHSEHKZ9zpnxorHhDexiMAqdCDIR9
8bvBmfOsmd+sOvRC9Nb/VBaywoMuEBCn+lNC2XiuXnVJ67RCmGEu4MgRtxdTpfUz
Y+fZ2Z0IFeW4eLTbU2+ZwJ4jc2Ypl/+ZOg5wu6Ax48VYpemutNuXh2V0/TNV7PHw
7zyMaV2MB7gHYinsR81iLaZwqEdHQUfugaFJEk6DKgTr0Gs0rFhjGH3864wWrGuq
jBDrD4VHy43AQVO9g/4UhjlpbioIieIoVC2x/Xcp7nkZph0aHeWBz5J+8s1LPYbm
FJR222bqN5zG/tGjj9IUrNStt5fWrC0QtOi0meJOIVadkkdc8AfU5owe7PpPimrs
llFCS63OtO3MsmsmYKs4vlF+5J4dR9cXuIYu04fmUvDw6a8arJs82TAEKYtT04Dz
I2rSiPJNWBynr5wGpqSpfIMXegTIy8VprM/+55rAnm/cvJspyZEzQTI277yKEk53
1rP+kGCedJW/BOz2lLhCs9rDpvANEUQKPIQFBGgLVjscof6WFTF0SHQ4XHzp9r76
JF2Fn0gzUQVbs9WB62IABjx9u8KnU4t38wNIEvhRPPP0gWdLLeYAG9zkwvRIMflR
1LTZaLH/Ifp7Hn59ou6Z
=Ztjv
-----END PGP SIGNATURE-----