[CentOS] perplexing permissions issue

Fri Sep 4 16:59:27 UTC 2009
Dave <dave.mehler at gmail.com>

Hi,
	Thanks for your reply. The set group id bit solved the permissions
issue. My problem now is that ftp users who upload content are virtual; they
run under the pure-ftpd user, which is ftpuser, and with set group id on, that
user can't write files to the data area. I have added ftpuser to the webdev
group.
Thanks.
Dave.
 

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf
Of Alan Sparks
Sent: Friday, September 04, 2009 11:14 AM
To: CentOS mailing list
Subject: Re: [CentOS] perplexing permissions issue

Dave wrote:
> Hello,
> 	I have a perplexing permissions problem that I thought I had, but
> it's resurfaced.
> 	I'm running CentOS 5.3 and it runs an apache web server. The
> permissions on the web data directory, in this case
> /var/www/secure/data, are set to 4775, owner of apache, group of webdev.
> All users that should be allowed to place content are in the webdev
> group. I was under the impression that any file then placed in that
> directory would have an owner of apache and a group of webdev,
> permissions of 664. Whenever a locally logged on user adds content,
> permissions are set to 664, but owner and group membership are that of
> the user who added the files, not apache and webdev. The issue is
> further compounded when a user logs in via ftp and adds files or folders.
> They are owned by the ftp user and group.
> Any assistance appreciated.
> 	Thanks.
> 	Dave.
> 	
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>   

Am assuming these users are in the webdev group, but 'webdev' is not their
primary group.  Can you try using the set-gid bit on the affected directory
( /var/www/secure/data/ ) to force the group ownership of objects created
there to have same group ID as the directory, viz:

chgrp webdev /var/www/secure/data/
chmod g+s /var/www/secure/data/

From your text, it appears you have objects getting created with
appropriate group write permissions.
-Alan
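
An added example (not part of either poster's message): a POSIX shell check of the behaviour discussed in this thread, comparing the 4775 mode from the original question with the set-gid bit from `chmod g+s`. The function names and the scratch directory from `mktemp -d` are assumptions standing in for /var/www/secure/data, and the inheritance result is Linux behaviour.

```shell
#!/bin/sh
# Added example, not from the thread. Run it as a member of the directory's group.

# Classify the special bits on a directory. Only set-gid (2xxx, g+s) makes
# Linux give new entries the directory's group; set-uid (4xxx) on a directory
# is ignored, and the owner of a new file is always the creating user.
classify_dir() {
    if [ -g "$1" ]; then echo setgid
    elif [ -u "$1" ]; then echo setuid-only
    else echo plain
    fi
}

# Numeric group id of a path, taken from portable ls output.
gid_of() { ls -ldn "$1" | awk '{print $4}'; }

# Create a probe file and subdirectory in DIR as the current user, then check
# that both took DIR's group and that the subdirectory inherited set-gid.
# Returns 0 = inherits, 1 = does not, 2 = current user cannot write to DIR.
check_inheritance() {
    dir=$1; probe="$dir/.sgid-probe.$$"; rc=0
    ( : > "$probe" ) 2>/dev/null || return 2
    mkdir "$probe.d" 2>/dev/null || { rm -f "$probe"; return 2; }
    [ "$(gid_of "$probe")" = "$(gid_of "$dir")" ] || rc=1
    [ "$(gid_of "$probe.d")" = "$(gid_of "$dir")" ] || rc=1
    [ -g "$probe.d" ] || rc=1
    rm -f "$probe"; rmdir "$probe.d"
    return $rc
}

# Constructed demo on a scratch directory (stand-in for /var/www/secure/data).
demo() {
    d=$(mktemp -d) || return 1
    chmod 4775 "$d"                      # mode from the original question
    a=$(classify_dir "$d")
    check_inheritance "$d" && ra=0 || ra=$?
    chmod u-s,g+s "$d"                   # set-gid, as in the reply
    b=$(classify_dir "$d")
    check_inheritance "$d" && rb=0 || rb=$?
    rm -rf "$d"
    echo "4775: $a inherit_rc=$ra | g+s: $b inherit_rc=$rb"
}
demo
```

Running `check_inheritance` as the account the FTP daemon writes with (for example through `su -s /bin/sh`) separates a missing set-gid bit (return 1) from a plain write-permission failure (return 2).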

