Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

vfstpd umask and unix umask for ftp only users

Posted on 2004-09-02
2
Medium Priority
?
684 Views
Last Modified: 2013-12-23
Hi

I've got a handful of users on my Debian server that are FTP only, they are chrooted to their home directly (I use vsftpd) and have their login shell set to /bin/false. Their home directory is used by Apache to host web sites.

What permissions should I set to these users home directories? I'm guessing 700.

What about the umask setting for vsftpd?

In need of some "best practice" guidance.


Gareth
0
Comment
Question by:localgareth
1 Comment
 
LVL 38

Accepted Solution

by:
yuzh earned 1000 total points
ID: 11970582
It depends on what type of security you want to maintain and the data exchange between the
user in the same group.

I would set the FTP umask to 027, owner can do anything, groud user has rx, but no WRITE
permission. For the user's home, permissions are 750 as well (same reason as FTP).

Please have a look at the following docs to learn more:
http://techrepublic.com.com/5206-6286-0.html?forumID=11&threadID=117401&start=0
http://mandrakeuser.org/docs/mdoc/user/bastille-levels.html

0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question