Solved

Basic linux file admin question

Posted on 2006-07-02
Last Modified: 2013-12-16
Hey all,

I have a web server with a group of users who can remotely login and upload files.

The user group is: admins

The directory is: /home/rendl/public_html/downloads

When a user of the admins group logs in, they cannot change directory to /home/rendl/public_html/downloads as they receive a permission denied error.

The admins group is the owner of the downloads directory.

The users are clearly chrooted to their home directories. How can I remove that chroot (I don't care if they can see all the filesystem, they are trusted, but they only have write to their home and the /home/rendl/public_html/downloads directory)?

Thanks.
0
Question by:Dodger42
15 Comments
 
LVL 22

Expert Comment

by:pjedmond
ID: 17026159
>When a user of the admins group logs in, they cannot change directory to /home/rendl/public_html/downloads as they receive a permission denied error

It says permission denied rather than the files don't exist, therefore this is *not* likely to be a chroot environment.

http://www.tjw.org/chroot-login-HOWTO/

for a better understanding.

All you need to do therefore is make sure that these users are members of the group that owns /home/rendl/public_html/downloads, and ensure that the permissions match as required.

http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html

(the command you'll need is usermod with the -G option; see 'man usermod' for details)

(   (()
(`-' _\
  ''  ''
0
 

Author Comment

by:Dodger42
ID: 17026163
Here is the directory

drwxrwxr-x    2 root     tbadmins     1024 Jul  1 18:19 downloads/

The user is a member of tbadmins, yet still permission denied.

0
 
LVL 22

Expert Comment

by:pjedmond
ID: 17026186
In which case within a shell, you should be able to change to this directory!

As a result, I assume that you are in an ftp environment rather than a shell?

You may need to change the /home directory of the users to be /home/rendl/ to prevent the ftp daemon restricting their movements, or something else to 'expand the browsing range' available to the users concerned.

(   (()
(`-' _\
  ''  ''
0
 

Author Comment

by:Dodger42
ID: 17026192
Umm... I login through SSH not FTP. Can you even SSH into an FTP environment?

Thanks.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 17026213
>Can you even SSH into an FTP environment?

Nope!

>The user is a member of tbadmins, yet still permission denied.

Are you really sure? - With that configuration, you should be able to ls the directory!

cat /etc/group | grep tbadmins

should print out all the users that you want to access the directory concerned

(   (()
(`-' _\
  ''  ''
0
 

Author Comment

by:Dodger42
ID: 17026278

cat /etc/group | grep tbadmins
tbadmins:x:32011:dodger,simfd

drwxrwxr-x    2 root     tbadmins     1024 Jul  2 04:51 downloads/

simfd gets permission denied when I try: touch blah
in downloads directory.

0
 
LVL 22

Expert Comment

by:pjedmond
ID: 17026287
Can simfd:

ls -al /home/rendl/public_html/

?

(   (()
(`-' _\
  ''  ''
0
 

Author Comment

by:Dodger42
ID: 17026289
Yes that worked fine.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 17026323
ls -al /home/rendl/public_html/

can you copy and paste the output?...because from what you've given:

ls -al /home/rendl/public_html/downloads/

should also work fine.

if you try:

ls downloads/

then that looks in the current directory for the downloads folder

pwd

Will print your current directory. I'm guessing that the current directory is probably not what you thought it was?

cd /home/rendl/public_html/

will change you into the directory that you think that you ought to be in:)

(   (()
(`-' _\
  ''  ''

0
 
LVL 3

Expert Comment

by:bryanlloydharris
ID: 17164394
All directories have to be executable, right? Otherwise you can't get to the one you want:

/home --x--x--x
/home/rendl --x--x--x
/home/rendl/public_html rwxrwxr-x

but if it's like this you get permission denied:
/home/ --x--x--x
/home/rendl rwx------
/home/rendl/public_html rwxrwxr-x
0
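The check described in the comment above (every directory on the path needs the execute/search bit in the permission class the user falls into) can be done mechanically. This is an added example, not part of any poster's comment; it assumes Linux with GNU coreutils `stat`, and the function names `first_blocked` and `build_demo_tree` are hypothetical.

```shell
#!/bin/sh
# Added example; assumes Linux with GNU coreutils stat(1).
# first_blocked USER GROUPS_CSV PATH
# Prints the first directory in PATH whose mode bits deny USER search (x)
# permission, or nothing if every directory can be traversed. Only classic
# mode bits are evaluated (no ACLs, no root bypass); "/" itself is not checked.
first_blocked() {
    user=$1 groups=",$2," path=$3 prefix= cur=
    case $path in /*) prefix=/ ;; esac
    old_ifs=$IFS; IFS=/; set -f
    set -- $path                      # split the path into its components
    set +f; IFS=$old_ifs
    for comp in "$@"; do
        [ -n "$comp" ] || continue
        cur=${cur:+$cur/}$comp
        dir=$prefix$cur
        [ -d "$dir" ] || break        # only directories need search permission
        mode=$(stat -c %a "$dir")
        owner=$(stat -c %U "$dir")
        grp=$(stat -c %G "$dir")
        # Exactly one class applies: owner, else group, else other.
        if [ "$user" = "$owner" ]; then bit=0100
        else
            case $groups in
                *",$grp,"*) bit=0010 ;;
                *)          bit=0001 ;;
            esac
        fi
        if [ $(( 0$mode & $bit )) -eq 0 ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 0
}

# Constructed tree mirroring the thread's failing layout, built under "$1".
build_demo_tree() {
    mkdir -p "$1/home/rendl/public_html/downloads"
    chmod 775 "$1/home/rendl/public_html" "$1/home/rendl/public_html/downloads"
    chmod 700 "$1/home/rendl"         # rwx------ : blocks everyone but the owner
    chmod 711 "$1/home"
}
```

On a real system, call it as `first_blocked simfd tbadmins /home/rendl/public_html/downloads`; `namei -l` on the same path lists the per-component modes and owners it evaluates.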
 

Author Comment

by:Dodger42
ID: 17276879
Sorry guys, I never got this working and found another way around it.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17411886
Dodger42,

Please post the workaround you used.  After that a request can be put in for a PAQ/Refund.

Thanks
0
 

Author Comment

by:Dodger42
ID: 17415744
The workaround was a combination of changing the domains and the process I had planned. I still have that same problem with chroot, and just figured a different way to do what I needed.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17642306
PAQed with points refunded (250)

DarthMod
Community Support Moderator
0
