7 Replies Latest reply: Nov 14, 2012 6:14 PM by Catch_22 RSS

    Files and folders permission

    Richa
      Hi,
      User with dba privileges = test
      test:x:503:501::/home/test:/bin/bash
      drwxrwxrwx test dba 4.0K Jul 16 09:38 test

      Files and folders permission of the base directory (test) for application is 777
      chmod –R 777 test

      Someone has deleted a folder with test user. Luckily I had a backup copy of the same so the issue was resolved.

      I need to know is it possible to create a new user for FTP purpose so that a user can only read and can place reports but will not be able to delete or change locations of any file.
        • 1. Re: Files and folders permission
          Sumedh Kulkarni
          You create the unix user with "ftp" any other name and group "ftp" or another name.

          Give 775 permission to test

          chmod –R 775 test

          cd test
          mkdir inbound
          chmode 777 inbound

          Ask user to keep inputfile in "inbound" folder. We already given 775 for all files uder test so user can read all files.

          Also set "umask 022" in test user .pfile. So ,newly created file also have same permissions 775 under user test.

          Thanks,
          Sumedh
          • 2. Re: Files and folders permission
            Richa
            If they want to move reports from 'new ftp user' to Report folder of 'test user' is it possible?
            Also do the application will able to execute the report even though it has been placed by different ftp user.
            • 3. Re: Files and folders permission
              Sumedh Kulkarni
              They can copy the report to 'new ftp users" folder but they can not copy to Report folder for that you need to give 777 permission to Report folder
              or using test user you need to copy to Report folder.

              Report will execute no issues for that.

              Thanks,
              Sumedh
              • 4. Re: Files and folders permission
                Richa
                Commands used earlier were

                useradd -g dba test
                mkdir hyper
                chmod –R 777 hyper
                chown -R test:dba hyper

                Now I need to create a new user for FTP purpose only so that a user can only read and can place files/reports but will not be able to delete or change locations of any file.
                Please help me with commands as I feel that i have to change the earlier 777 permission also.
                • 5. Re: Files and folders permission
                  Catch_22
                  Unix, unlike some other operating systems, does not have a specific delete privilege in the standard file permission repertoire. It might be enough to set a SUID sticky bit on the directory, so that it works similar to /tmp, where users have the permission to delete or write their own files, but not those of others, for instance:

                  chmod 1777 /ftp/upload

                  If you need more control, you will have to configure and enable ACL on the filesystem.

                  Some of the access restriction options are typically governed by your ftp server configuration, for instance /etc/vsftpd/vsftpd.conf. You may also check the ftpd_selinux man page, in case you are using ftpd. Since you don't tell us what you are using, no further help can be provided.
                  • 6. Re: Files and folders permission
                    Richa
                    Hello all Oracle Gurus,
                    While creating a clone I gave 777 permission to every folder (chmod -R 777 TEST) as I was facing permission errors during cloning.
                    Our Application main folder is TEST which have all tops and tier in it (apps, inst).
                    For FTP we are using oracle user which has 777 permission on each file (chown -R appl:dba TEST).
                    We are using this user for ftp and accidently deleted one folder.
                    I am looking if it is possible to create additional ftp user who can drop files in required folders e.g. AU_TOP but can not delete or modify anything from any location.
                    Thanks in advance.
                    • 7. Re: Files and folders permission
                      Catch_22
                      Perhaps you can use the following permission:

                      mkdir -m 2733 /home/ftp/upload

                      It's a typical dropbox, which allows anyone to write files, but not to modify or download. It sets the group ownership on all files to "nogroup." However, it will also not allow users to get a directory listing.

                      Your configuration options and possibilities will depend on your FTP server software, which is typically not limited to setting filesystem permissions only and provides its own security mechanism to the client. Unless you tell us what you are using...