Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 235
  • Last Modified:

Basic linux file admin question

Hey all,

I have a web server with a group of users who can remotely login and upload files.

The user group is: admins

The directory is: /home/rendl/public_html/downloads

When a user of the admins group logs in, they cannot change directory to /home/rendl/public_html/downloads as they receive a permission denied error.

the admins group is the owner of the downloads directory.

The users are clearly chrooted to their home directories. How can I remove that chroot (I don't care if they can see all the filesystem, they are trusted, but they only have write to their home and the /home/rendl/public_html/downloads directory.

Thanks.
0
Dodger42
Asked:
Dodger42
1 Solution
 
pjedmondCommented:
>When a user of the admins group logs in, they cannot change directory to /home/rendl/public_html/downloads >as they receive a permission denied error

It says permission denied rather than the files don't exist, therefore this is *not* likely to be a chroot environment.

http://www.tjw.org/chroot-login-HOWTO/

for a better understanding.

All you need to do therefore is make sure that these users are members of the group that owns /home/rendl/public_html/downloads, and ensure that the permissions match as required.

http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html

(command you'll need is user mod -G option 'man usermod' for details)

(   (()
(`-' _\
  ''  ''
0
 
Dodger42Author Commented:
Here is the directory

drwxrwxr-x    2 root     tbadmins     1024 Jul  1 18:19 downloads/

The user is a member of tbadmins, yet still permission denied.

0
 
pjedmondCommented:
In which case within a shell, you should be able to change to this directory!

As a result, I assume that you are in an ftp environment rather than a shell?

You may need to change the /home directory of the users to be /home/rendl/ to prevent the ftp daemon restricting their movements, or something else to 'expand the browsing range' available to the users concerned.

(   (()
(`-' _\
  ''  ''
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
Dodger42Author Commented:
Umm... I login through SSH not FTP. Can you even SSH into an FTP environment?

Thanks.
0
 
pjedmondCommented:
>Can you even SSH into an FTP environment?

Nope!

>The user is a member of tbadmins, yet still permission denied.

Are you really sure? - With that configuration, you should be able to ls the directory!

cat /etc/group | grep tbadmins

should print out all the users that you want to access the directory concerned

      
Comment from pjedmond
Date: 07/02/2006 10:06AM BST
      Your Comment       

>When a user of the admins group logs in, they cannot change directory to /home/rendl/public_html/downloads >as they receive a permission denied error

It says permission denied rather than the files don't exist, therefore this is *not* likely to be a chroot environment.

http://www.tjw.org/chroot-login-HOWTO/

for a better understanding.

All you need to do therefore is make sure that these users are members of the group that owns /home/rendl/public_html/downloads, and ensure that the permissions match as required.

http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html

(command you'll need is user mod -G option 'man usermod' for details)

(   (()
(`-' _\
  ''  ''

Comment from Dodger42
Date: 07/02/2006 10:08AM BST
      Author Comment       

Here is the directory

drwxrwxr-x    2 root     tbadmins     1024 Jul  1 18:19 downloads/

The user is a member of tbadmins, yet still permission denied.


Comment from pjedmond
Date: 07/02/2006 10:21AM BST
      Your Comment       

In which case within a shell, you should be able to change to this directory!

As a result, I assume that you are in an ftp environment rather than a shell?

You may need to change the /home directory of the users to be /home/rendl/ to prevent the ftp daemon restricting their movements, or something else to 'expand the browsing range' available to the users concerned.

(   (()
(`-' _\
  ''  ''
0
 
Dodger42Author Commented:

cat /etc/group | grep tbadmins
tbadmins:x:32011:dodger,simfd

drwxrwxr-x    2 root     tbadmins     1024 Jul  2 04:51 downloads/

simfd gets permission denied when I try: touch blah
in downloads directory.

0
 
pjedmondCommented:
Can simfd:

ls -al /home/rendl/public_html/

?

(   (()
(`-' _\
  ''  ''
0
 
Dodger42Author Commented:
Yes that worked fine.
0
 
pjedmondCommented:
ls -al /home/rendl/public_html/

can you copy and paste the output?...because from what you've given:

ls -al /home/rendl/public_html/downloads/

should also work fine.

if you try:

ls downloads/

then that looks in the current directory for the downloads folder

pwd

Will print yout current directory. I'm guessing that the currend directory is probably not what you thought it was?

cd /home/rendl/public_html/

will change you into the directory that you think that you ought to be in:)

(   (()
(`-' _\
  ''  ''

0
 
bryanlloydharrisCommented:
all directories have to be executable right?  otherwise you can't get to the one you want:

/home --x--x--x
/home/rendl --x--x--x
/home/rendl/public_html rwxrwxr-x

but if it's like this you get permission denied:
/home/ --x--x--x
/home/rendl rwx------
/home//rendl/public_html rwxrwxr-x
0
 
Dodger42Author Commented:
Sorry guys, I never got this working and found another way around it.
0
 
Cyclops3590Commented:
Dodger42,

Please post the workaround you used.  After that a request can be put in for a PAQ/Refund.

Thanks
0
 
Dodger42Author Commented:
The workaround was a combination of changing the domains and the process I had planned. I still have that same problem with chroot, and just figured a different way to do what I needed.
0
 
DarthModCommented:
PAQed with points refunded (250)

DarthMod
Community Support Moderator
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now