Solved

vfstpd umask and unix umask for ftp only users

Posted on 2004-09-02
2
621 Views
Last Modified: 2013-12-23
Hi

I've got a handful of users on my Debian server that are FTP only, they are chrooted to their home directly (I use vsftpd) and have their login shell set to /bin/false. Their home directory is used by Apache to host web sites.

What permissions should I set to these users home directories? I'm guessing 700.

What about the umask setting for vsftpd?

In need of some "best practice" guidance.


Gareth
0
Comment
Question by:localgareth
2 Comments
 
LVL 38

Accepted Solution

by:
yuzh earned 250 total points
ID: 11970582
It depends on what type of security you want to maintain and the data exchange between the
user in the same group.

I would set the FTP umask to 027, owner can do anything, groud user has rx, but no WRITE
permission. For the user's home, permissions are 750 as well (same reason as FTP).

Please have a look at the following docs to learn more:
http://techrepublic.com.com/5206-6286-0.html?forumID=11&threadID=117401&start=0
http://mandrakeuser.org/docs/mdoc/user/bastille-levels.html

0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Upgrade firmware on Engenius BH-ENS202Wi-Fi router 5 41
Need help with VLAN issue 6 59
Expanding Subnet Mask 20 111
Lightweight Networking 9 43
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question