Solved

Basic linux file admin question

Posted on 2006-07-02
15
223 Views
Last Modified: 2013-12-16
Hey all,

I have a web server with a group of users who can remotely login and upload files.

The user group is: admins

The directory is: /home/rendl/public_html/downloads

When a user of the admins group logs in, they cannot change directory to /home/rendl/public_html/downloads as they receive a permission denied error.

the admins group is the owner of the downloads directory.

The users are clearly chrooted to their home directories. How can I remove that chroot (I don't care if they can see all the filesystem, they are trusted, but they only have write to their home and the /home/rendl/public_html/downloads directory.

Thanks.
0
Comment
Question by:Dodger42
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
15 Comments
 
LVL 22

Expert Comment

by:pjedmond
ID: 17026159
>When a user of the admins group logs in, they cannot change directory to /home/rendl/public_html/downloads >as they receive a permission denied error

It says permission denied rather than the files don't exist, therefore this is *not* likely to be a chroot environment.

http://www.tjw.org/chroot-login-HOWTO/

for a better understanding.

All you need to do therefore is make sure that these users are members of the group that owns /home/rendl/public_html/downloads, and ensure that the permissions match as required.

http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html

(command you'll need is user mod -G option 'man usermod' for details)

(   (()
(`-' _\
  ''  ''
0
 

Author Comment

by:Dodger42
ID: 17026163
Here is the directory

drwxrwxr-x    2 root     tbadmins     1024 Jul  1 18:19 downloads/

The user is a member of tbadmins, yet still permission denied.

0
 
LVL 22

Expert Comment

by:pjedmond
ID: 17026186
In which case within a shell, you should be able to change to this directory!

As a result, I assume that you are in an ftp environment rather than a shell?

You may need to change the /home directory of the users to be /home/rendl/ to prevent the ftp daemon restricting their movements, or something else to 'expand the browsing range' available to the users concerned.

(   (()
(`-' _\
  ''  ''
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:Dodger42
ID: 17026192
Umm... I login through SSH not FTP. Can you even SSH into an FTP environment?

Thanks.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 17026213
>Can you even SSH into an FTP environment?

Nope!

>The user is a member of tbadmins, yet still permission denied.

Are you really sure? - With that configuration, you should be able to ls the directory!

cat /etc/group | grep tbadmins

should print out all the users that you want to access the directory concerned

      
Comment from pjedmond
Date: 07/02/2006 10:06AM BST
      Your Comment       

>When a user of the admins group logs in, they cannot change directory to /home/rendl/public_html/downloads >as they receive a permission denied error

It says permission denied rather than the files don't exist, therefore this is *not* likely to be a chroot environment.

http://www.tjw.org/chroot-login-HOWTO/

for a better understanding.

All you need to do therefore is make sure that these users are members of the group that owns /home/rendl/public_html/downloads, and ensure that the permissions match as required.

http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html

(command you'll need is user mod -G option 'man usermod' for details)

(   (()
(`-' _\
  ''  ''

Comment from Dodger42
Date: 07/02/2006 10:08AM BST
      Author Comment       

Here is the directory

drwxrwxr-x    2 root     tbadmins     1024 Jul  1 18:19 downloads/

The user is a member of tbadmins, yet still permission denied.


Comment from pjedmond
Date: 07/02/2006 10:21AM BST
      Your Comment       

In which case within a shell, you should be able to change to this directory!

As a result, I assume that you are in an ftp environment rather than a shell?

You may need to change the /home directory of the users to be /home/rendl/ to prevent the ftp daemon restricting their movements, or something else to 'expand the browsing range' available to the users concerned.

(   (()
(`-' _\
  ''  ''
0
 

Author Comment

by:Dodger42
ID: 17026278

cat /etc/group | grep tbadmins
tbadmins:x:32011:dodger,simfd

drwxrwxr-x    2 root     tbadmins     1024 Jul  2 04:51 downloads/

simfd gets permission denied when I try: touch blah
in downloads directory.

0
 
LVL 22

Expert Comment

by:pjedmond
ID: 17026287
Can simfd:

ls -al /home/rendl/public_html/

?

(   (()
(`-' _\
  ''  ''
0
 

Author Comment

by:Dodger42
ID: 17026289
Yes that worked fine.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 17026323
ls -al /home/rendl/public_html/

can you copy and paste the output?...because from what you've given:

ls -al /home/rendl/public_html/downloads/

should also work fine.

if you try:

ls downloads/

then that looks in the current directory for the downloads folder

pwd

Will print yout current directory. I'm guessing that the currend directory is probably not what you thought it was?

cd /home/rendl/public_html/

will change you into the directory that you think that you ought to be in:)

(   (()
(`-' _\
  ''  ''

0
 
LVL 3

Expert Comment

by:bryanlloydharris
ID: 17164394
all directories have to be executable right?  otherwise you can't get to the one you want:

/home --x--x--x
/home/rendl --x--x--x
/home/rendl/public_html rwxrwxr-x

but if it's like this you get permission denied:
/home/ --x--x--x
/home/rendl rwx------
/home//rendl/public_html rwxrwxr-x
0
 

Author Comment

by:Dodger42
ID: 17276879
Sorry guys, I never got this working and found another way around it.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17411886
Dodger42,

Please post the workaround you used.  After that a request can be put in for a PAQ/Refund.

Thanks
0
 

Author Comment

by:Dodger42
ID: 17415744
The workaround was a combination of changing the domains and the process I had planned. I still have that same problem with chroot, and just figured a different way to do what I needed.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17642306
PAQed with points refunded (250)

DarthMod
Community Support Moderator
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question