Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

vfstpd umask and unix umask for ftp only users

Posted on 2004-09-02
2
Medium Priority
?
667 Views
Last Modified: 2013-12-23
Hi

I've got a handful of users on my Debian server that are FTP only, they are chrooted to their home directly (I use vsftpd) and have their login shell set to /bin/false. Their home directory is used by Apache to host web sites.

What permissions should I set to these users home directories? I'm guessing 700.

What about the umask setting for vsftpd?

In need of some "best practice" guidance.


Gareth
0
Comment
Question by:localgareth
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 38

Accepted Solution

by:
yuzh earned 1000 total points
ID: 11970582
It depends on what type of security you want to maintain and the data exchange between the
user in the same group.

I would set the FTP umask to 027, owner can do anything, groud user has rx, but no WRITE
permission. For the user's home, permissions are 750 as well (same reason as FTP).

Please have a look at the following docs to learn more:
http://techrepublic.com.com/5206-6286-0.html?forumID=11&threadID=117401&start=0
http://mandrakeuser.org/docs/mdoc/user/bastille-levels.html

0

Featured Post

Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Make the most of your online learning experience.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question