• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1039
  • Last Modified:

Automatically inherit 755 permissions inside public_html folder

When creating new users in Ubuntu, their home directory is created with a "public_html" folder.  The permissions for this folder are 755.  However, any files or folders I ftp to public_html inherit 600 (file level) or 700 (folder level).  I can manually change these permissions using the FTP client, command line, or webmin ---- but it would be handy if all new files and folders inherited 755 permissions.
0
Randyp53
Asked:
Randyp53
  • 7
  • 6
1 Solution
 
arnoldCommented:
chmod 755 /etc/skell/public_html
The settign for newly created files/folders is via umask such that if you have your umask set to 077 any file the user creates will be 0600 or for directory 0700
set umask to 022 and any file the user creates will have the 644 or 755 right for file/directory respectively.

The ftp server is often/commonly defaults to umask of 022

umask is a negative/reverse mechanism i.e. when a file is created the permissions are set based on the umask starting with 777 and then negated by the setting in the umask in this case the write right is removed from the group and world.

Hope this clarifies it. another option if you have a centrall login script, you can add within it a process that on user login/logout goes through that user's public_html folder and resets the permissions on the subdirectories and sub files to 755,644 respectively.  You may want to take a consideration that a user may have set their directory to 711 to avoid having that directories contents from being browsable.  And the auto-change setting suggested above will reverse that decision by the user.  So checking for the current mod of the directory should be considered.
0
 
Randyp53Author Commented:
Getting a message at the terminal, "operation not permitted"
0
 
argh226Commented:
Ok, its basic, but you did this as a root/admin?
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
arnoldCommented:
What operation did you do that was not permitted?
In this forum since you are the eyes and hands, you need to provide as much detail as possible as to what you did and what you saw for me to be able to understand the situation and possibly suggest a course of action to achieve your goal.
0
 
Randyp53Author Commented:
Not as root, but as an admin.  Should I attempt it as root?

I performed the below operation

chmod 755 /etc/skel/public_html
0
 
Randyp53Author Commented:
Logging in as root allowed the operation.

I deleted and readded the user.  Public_html folder created automatically with 755 permissions, but again, when I transfer folders or files via ftp, they inherit rw permissions only.  
0
 
arnoldCommented:
Within the FTP configuration, make sure the umask is set to 022 and not 077.
Which ftp server do you use vsftp, wsftp, proftpd etc.

/etc/<yourftpserver_type>/<yourftpserver_type>.conf
some use the local_umask= as the means to control the creation of files/directories by users and should be set to 022.
If you are using a GUI based FTP client, it often has the option to change the settings(chmod).
on the command lite you have to issue the quote site chmod 755 for each directory and 644 for each file.
0
 
arnoldCommented:
after you make the configuration, restart the ftpd service.
0
 
Randyp53Author Commented:
ProFTPD

Here is the config file:

#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   # Umask                        022  022
#   #            <Limit READ WRITE>
#   #            DenyAll
#   #            </Limit>
#   #            <Limit STOR>
#   #            AllowAll
#   #            </Limit>
#   # </Directory>

Are you saying to uncomment the Umask?
0
 
arnoldCommented:
Yes, or make sure there is nothing else that sets the UMAS to 077 either in the startup scripts, etc.  Since looking could take a long time, setting it explicitly here should resolve the issue without the need to track.
0
 
Randyp53Author Commented:
New files transferred are being assigned 644.  They're missing the execute portion to make them 755.  I was reading up on ProFTPD and found that it might not be possible to automatically assign execute rights to new files  (only to folders) - that these rights had to be taken care of via the console or gui.  If that's the case, I'll deal with it.  But I was looking for a cleaner solution.
0
 
arnoldCommented:
Files always get 664 created directories, get 755.
No way to alter that behavior.  A web browser accessing the file does not execute them within the shell, all the web browser has to have is read access to the file and if it is a script file PHP, etc. the php will run and interpret the code.  Only CGi's (scripts in the /cgi-bin or .pl) have to have execute bit for the web server to run them.  And this has to be done on a per file basis.
0
 
Randyp53Author Commented:
Yes, I see.  And it's working.  I think you've solved my problem.  Thank you for the advice and patience.
0
 
Randyp53Author Commented:
Patient and helpful
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

  • 7
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now