pure-ftp and shared folder

First things first: I am using openSUSE 11.1 and am new to it. I am trying to get pure-ftp to behave in the following manner.

Using PAM authentication for pure-ftp virtual users.
User1 should have recursive rights to read and write to a shared folder. User 2 can only read the contents of the folders but can look through all of the folders.

I had thought of creating 2 user groups, ftprite group with read and write rights and ftpread group with read only but I can’t make that work.

Seems pretty simple but I’m still banging my head against the monitor.


Make the folders owned by user1 but make sure that the world read (and search for directories) bits are on. User2 can just have no special privileges. I think there’s a pure-ftpd option (or was it vsftpd) to force the world read bit for files, and read and search for directories, on. Not certain though.

This tends to be a commonly raised issue with Unix permissions. The umask allows bits to be masked away, but there is no uniform platform way of forcing certain bits on; each application has to implement this. For example, Samba has the force create and force directory directives for just this need.

But I tell a lie about the platform supported way, that’s not totally true now; you can use POSIX ACLs to make sure read and search are inherited. It gets hairy though, so investigate whether the app (pure-ftpd) has force-bit functionality.

I eventually solved this and learned a few things along the way.

I created 2 users (ftpuse, ftpread) and 2 groups (ftpuser, ftpreader). These groups are self-explanatory; if your Pure-ftpd account is a member of ftpreader that’s all you can do. When I create a new reader account I set their home folder at the top level folder I want them to see. The important thing here is to have the Pure-ftpd account linked to ftpuse create the shared folder prior to creating the new user (learned this the hard way). Since the Pure-ftpd user linked to ftpread does not own the folder they cannot delete files. However I discovered (also the hard way) that these pure-ftpd reader accounts could upload files and create folders, which I did not want to happen. To counter this I set the Pure-ftpd account user’s quota to 0 and 0. Now it works as I want it to.

One thing I forgot to mention. The Pure-ftpd reader accounts cannot see the files until such time as the account that created the folder and files sets the rights so that others can see them. We do this through Fireftp.

I don’t know if this solution is overly complicated but for me it works.

One other item. After creating numerous users using command line I looked around for a GUI that will do the job. Found Pure-Admin which has made things easier.
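
An added example, not part of the original thread: a shell sketch that audits a shared tree for the "world read, and search for directories" bits discussed above, repairs them, and confirms nothing is writable by "other". The function names and the temporary demo tree are hypothetical, and it assumes the read-only account maps to a system user that is neither the owner nor in the owning group.

```shell
#!/bin/sh
# Added example: audit and repair "other" read/search bits on a shared FTP tree.
# Function names and demo paths are hypothetical, not from pure-ftpd.

# Strip the padding some wc implementations emit.
count() { wc -l | tr -d ' '; }

# Entries the read-only account cannot use:
# files lacking o+r, directories lacking o+r or o+x (search).
missing_world_read() {
    find "$1" \( -type f ! -perm -004 \) -o \( -type d ! -perm -005 \)
}

# Entries that "other" can write to; a read-only setup should list none.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002
}

# Turn on read for files and read+search for directories, and clear o+w.
# Owner and group bits are left untouched.
fix_world_read() {
    find "$1" -type d -exec chmod o+rx,o-w {} +
    find "$1" -type f -exec chmod o+r,o-w {} +
}

# Constructed demo: a restrictive umask masks the "other" bits away,
# so freshly created content is invisible to the reader account.
demo() {
    root=$(mktemp -d) || return 1
    ( umask 077
      mkdir -p "$root/shared/docs"
      echo "report" > "$root/shared/docs/a.txt" )
    before=$(missing_world_read "$root/shared" | count)
    fix_world_read "$root/shared"
    after=$(missing_world_read "$root/shared" | count)
    writable=$(world_writable "$root/shared" | count)
    rm -rf "$root"
    echo "$before $after $writable"
}

demo  # prints "3 0 0": unreadable before, unreadable after, other-writable
```

Running `missing_world_read` on the real share after each upload shows which entries the reader accounts still cannot see.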