Permissions and FTP daemons


I have this scenario:

I have a user "bob" whose $HOME is /var/www/html. Permissions on this directory are like so: drwxr-xr-x   15 bob bob         4096 Apr 19 15:52 html
I also have a user "foo" whose $HOME is /var/www/html/foo. Permissions on this dir are like so: drwxr-xr-x   55 bob bob         4096 Apr 15 16:13 foo
Now, there's a file in /var/www/html/foo/index.php whose permissions are like so: -rw-r--r--    1 bob bob    16263 Apr  3 17:04 /var/www/html/foo/index.php
If user "foo" does an FTP session, why _CAN_ he delete the file /var/www/html/foo/index.php ???
The users have different uids and gids.
I have tested this on wu-ftpd, pureftpd and proftpd and am running RedHat 6.2 and 7.2.

Maybe this can help?

[root@mirror root]# ls -al /var/www/html/foo/
total 472
drwxr-xr-x   55 bob      bob         4096 Apr 15 16:13 .
drwxr-xr-x   15 bob      bob         4096 Apr 19 15:52 ..
-rw-r--r--    1 bob      bob        16263 Apr  3 17:04 index.php
Who is Participating?
jlevieConnect With a Mentor Commented:
Yep, that'll do it. You need to make certain the directories of users are no more permissive than 755 (rwxr-xr-x). Other (world) read and search permission are needed in this case so that the web server can access the contents. In most other cases a home dir can be 700 (rwx------).

I good thing to do for a web server that hosts a number of virtual domains is to use ProFTP and configure it to chroot each user into their login directory. This, regardless of directory permissions, will prevent an FTP user from being able to delete or view files that aren't in their login dir. They can't even see anything else on the system.
Tell me more about how you have FTP set up and how users establish their FTP session. I use wu-ftp and ProFTP and a user can't delete a file that they don't have rights to, so it must be something related to how you are using FTP.
chadukaAuthor Commented:
Okay, I have managed to find out why. It's the directory permissions that are screwed up. Fact: directory permissions take precedence over any file permissions within that directory.
Build your data science skills into a career

Are you ready to take your data science career to the next step, or break into data science? With Springboard’s Data Science Career Track, you’ll master data science topics, have personalized career guidance, weekly calls with a data science expert, and a job guarantee.

chadukaAuthor Commented:
Yeah, well, on most boxes, I run ncftpd and it's got that chroot feature. Was just being buffled by the way this one was behaving, only to find out that a directory high up there, the /var/www directory, was set to drwxrwxrwx. /me cries. ..some people!
chadukaAuthor Commented:
...well, just thought I should give you the points that were at stake anyway.
NcFTP is great stuff. ProFTP is almost as good and has much of the same capabilities. The documentation for ProFTP isn't nearly as good though (IMHO).
chadukaAuthor Commented:
I have gotten used to NcFTPd. I will try understand ProFTP. Heard PureFTPd is quite excellent as well.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.