This discussion is archived
7 Replies Latest reply: Nov 14, 2012 4:14 PM by Dude!

Files and folders permission

Richa Newbie
Hi,
User with dba privileges = test
test:x:503:501::/home/test:/bin/bash
drwxrwxrwx test dba 4.0K Jul 16 09:38 test

Files and folders permission of the base directory (test) for application is 777
chmod -R 777 test

Someone has deleted a folder with test user. Luckily I had a backup copy of the same so the issue was resolved.

I need to know whether it is possible to create a new user for FTP purposes, so that the user can only read and place reports but will not be able to delete or change the location of any file.
  • 1. Re: Files and folders permission
    Sumedh Kulkarni Newbie
    Create the Unix user with the name "ftp" or any other name, and the group "ftp" or another name.

    Give 775 permission to test

    chmod -R 775 test

    cd test
    mkdir inbound
    chmod 777 inbound

    Ask the user to keep the input file in the "inbound" folder. We have already given 775 for all files under test, so the user can read all files.

    Also set "umask 022" in the test user's .pfile, so newly created files also have the same permissions 775 under user test.

    Thanks,
    Sumedh
  • 2. Re: Files and folders permission
    Richa Newbie
    If they want to move reports from the 'new ftp user' to the Report folder of the 'test user', is that possible?
    Also, will the application be able to execute the report even though it has been placed by a different ftp user?
  • 3. Re: Files and folders permission
    Sumedh Kulkarni Newbie
    They can copy the report to the 'new ftp user' folder, but they cannot copy it to the Report folder; for that you need to give 777 permission to the Report folder,
    or you need to copy it to the Report folder using the test user.

    The report will execute; no issues with that.

    Thanks,
    Sumedh
  • 4. Re: Files and folders permission
    Richa Newbie
    Commands used earlier were

    useradd -g dba test
    mkdir hyper
    chmod -R 777 hyper
    chown -R test:dba hyper

    Now I need to create a new user for FTP purposes only, so that the user can only read and place files/reports but will not be able to delete or change the location of any file.
    Please help me with commands, as I feel that I have to change the earlier 777 permission also.
  • 5. Re: Files and folders permission
    Dude! Guru
    Unix, unlike some other operating systems, does not have a specific delete privilege in the standard file permission repertoire. It might be enough to set a SUID sticky bit on the directory, so that it works similar to /tmp, where users have the permission to delete or write their own files, but not those of others, for instance:

    chmod 1777 /ftp/upload

    If you need more control, you will have to configure and enable ACL on the filesystem.

    Some of the access restriction options are typically governed by your ftp server configuration, for instance /etc/vsftpd/vsftpd.conf. You may also check the ftpd_selinux man page, in case you are using ftpd. Since you don't tell us what you are using, no further help can be provided.
  • 6. Re: Files and folders permission
    Richa Newbie
    Hello all Oracle Gurus,
    While creating a clone I gave 777 permission to every folder (chmod -R 777 TEST) as I was facing permission errors during cloning.
    Our Application main folder is TEST, which has all tops and tiers in it (apps, inst).
    For FTP we are using oracle user which has 777 permission on each file (chown -R appl:dba TEST).
    We are using this user for ftp and accidentally deleted one folder.
    I am looking to see if it is possible to create an additional ftp user who can drop files in required folders, e.g. AU_TOP, but cannot delete or modify anything from any location.
    Thanks in advance.
  • 7. Re: Files and folders permission
    Dude! Guru
    Perhaps you can use the following permission:

    mkdir -m 2733 /home/ftp/upload

    It's a typical dropbox, which allows anyone to write files, but not to modify or download. It sets the group ownership on all files to "nogroup." However, it will also not allow users to get a directory listing.

    Your configuration options and possibilities will depend on your FTP server software, which is typically not limited to setting filesystem permissions only and provides its own security mechanism to the client. Unless you tell us what you are using...
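
An audit for the directory modes discussed in this thread, added here as an example and not posted by any participant: it lists world-writable directories under a tree and tags each as `sticky` (the 1777 model) or `unprotected` (777 or 2733, where write access to the directory lets any account remove or rename entries it does not own). The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All paths below are constructed.

# List world-writable directories under $1, one per line, tagged:
#   sticky       world-writable with the sticky bit: only a file's owner,
#                the directory owner or root may delete or rename it
#   unprotected  world-writable without the sticky bit: any account with
#                access (an FTP login included) may delete or rename entries
audit_world_writable() {
    {
        find "$1" -type d -perm -0002 ! -perm -1000 \
            -exec printf 'unprotected %s\n' {} \;
        find "$1" -type d -perm -0002 -perm -1000 \
            -exec printf 'sticky %s\n' {} \;
    } | LC_ALL=C sort
}

# Build a throwaway tree carrying the modes mentioned in the thread and
# print its root. mktemp -d creates the root itself with mode 700.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/app" "$root/app/reports" "$root/upload" \
          "$root/dropbox" "$root/readonly"
    chmod 777  "$root/app" "$root/app/reports"  # result of chmod -R 777
    chmod 1777 "$root/upload"                   # sticky, as in reply 5
    chmod 2733 "$root/dropbox"                  # dropbox, as in reply 7
    chmod 755  "$root/readonly"                 # not world-writable
    printf '%s\n' "$root"
}

# Demo run on the constructed tree.
tree=$(make_sample_tree)
audit_world_writable "$tree"
rm -rf "$tree"
```

Pointing `audit_world_writable` at the real application root shows which directories still carry the effect of a recursive `chmod 777` before an FTP account is added.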
