Date: Fri, 18 Oct 1996 10:48:44 +600 CDT
From: "Larry Dolinar" <LARRYD@bldg1.croute.com>
To: questions@freebsd.org
Subject: umask for wuftpd differs for guest users..
Message-ID: <10E2FC9102C9@bldg1.croute.com>

We're operating an FTP server with the WU-FTP package 2.4(1) and running a few guest accounts, and an interesting thing has come up. The standard anonymous users (internal or external) deposit files with permissions 664, but the users in the guest group create files with 644.

What we're trying to achieve is the following:

- anonymous access for those that don't care about privacy
- private accounts for those that don't want their files open to the anonymous account (and don't compromise our system either)

Additionally a few paranoid types prefer that their files aren't available to just any accounts on the FTP server. That part is probably debatable, but in trying to accommodate it, I set the permissions on their /incoming and /outgoing directories to 660.

As is usual for adduser on FreeBSD, this account (call it "thing") is user "thing" and group "thing". Select local accounts on the FTP server are added to group "thing" to let them get at /incoming and /outgoing files through their normal logins.

"thing" is a member of group "guest" so the access restrictions apply during FTP access by "thing", which works fine. The select local account ("other") is a member of group "thing" to get at files. Via telnet, "other"'s umask (2) creates files with 664, but via FTP this becomes 644.

To summarize:

/etc/group (abbreviated):

wheel:*:0:root
operator:*:5:root
guest:*:31:thing
other:*:1008:other
thing:*:1009:thing,other
nogroup:*:65533:
nobody:*:65534:

ls -laR ~thing:

total 14
drwxr-xr-x   6 root   operator  512 Oct 16 16:37 .
drwxr-xr-x  14 root   wheel     512 Oct 16 09:15 ..
-r-x------   1 thing  thing     100 Oct 16 16:37 .cshrc
dr-xr-xr-x   2 root   operator  512 Jun  7 15:05 bin
dr-xr-xr-x   2 root   operator  512 Jun 20 12:17 etc
drwxrwx---   2 thing  thing     512 Oct 18 10:15 incoming
drwxrwx---   2 thing  thing     512 Oct 18 10:11 outgoing

./bin:
total 220
dr-xr-xr-x   2 root   operator     512 Jun  7 15:05 .
drwxr-xr-x   6 root   operator     512 Oct 16 16:37 ..
---x--x--x   1 root   operator   65536 Jun  7 15:05 date
---x--x--x   1 root   operator  147456 Jun  7 15:05 ls

./etc:
total 54
dr-xr-xr-x   2 root   operator  512 Jun 20 12:17 .
drwxr-xr-x   6 root   operator  512 Oct 16 16:37 ..
-rw-r--r--   1 root   operator  402 Jun  7 15:08 ftpmotd
-r--r--r--   1 root   operator  309 Jun 20 12:17 group
-r--r--r--   1 root   operator  784 Jun 20 12:17 passwd

./incoming:
total 4
drwxrwx---   2 thing  thing     512 Oct 18 10:15 .
drwxr-xr-x   6 root   operator  512 Oct 16 16:37 ..

./outgoing:
total 1564
drwxrwx---   2 thing  thing        512 Oct 18 10:11 .
drwxr-xr-x   6 root   operator     512 Oct 16 16:37 ..
-rw-r-----   1 other  thing     684229 Oct 18 09:54 D19258.zip
-rw-r-----   1 other  thing     886204 Oct 18 09:54 D19647.zip

The .cshrc is little more than a message about "no telnet" and a logout, should "thing" try any telnet access.

Naturally "thing" can't delete "other"'s files in /outgoing once he gets them, *and he wants to*. I have no problem with that. The question is, why does the umask change? I assume WUFTPD is forcing this. But why not for anonymous users as well?

Last of all, /usr/local/ftpaccess:

class all real,guest,anonymous *
guestgroup guest
limit all 10 Any /etc/msgs/msg.dead
readme README* login
readme README* cwd=*
message /welcome.msg login
message .message cwd=*
compress yes local remote
tar yes local remote
banner /etc/ftpwelcome
#log commands real,guest
log transfers anonymous,guest,real inbound,outbound
shutdown /etc/shutmsg
email user@hostname
umask yes anonymous,guest,real

All suggestions welcomed.

thanks,
larry
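
An added example, not part of the original message and not WU-FTPD's own code: it sorts the accounts from the quoted /etc/group and ftpaccess into anonymous, guest and real logins, and works out the umask implied by the reported 664 and 644 modes. The membership rule is simplified (only the member lists in /etc/group are checked, not primary gids from passwd), and the 0666 creation mode and the anonymous login names are assumptions.

```python
# Sample input copied from the /etc/group and ftpaccess excerpts in the message.
GROUP_FILE = """\
wheel:*:0:root
operator:*:5:root
guest:*:31:thing
other:*:1008:other
thing:*:1009:thing,other
"""

FTPACCESS = """\
class all real,guest,anonymous *
guestgroup guest
#log commands real,guest
umask yes anonymous,guest,real
"""

ANONYMOUS_NAMES = {"ftp", "anonymous"}  # assumption: conventional anonymous logins
CREATE_MODE = 0o666  # assumption: mode requested at creation, before the umask applies


def parse_groups(text):
    """Map each group name to the set of members in its fourth field."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4:
            groups[fields[0]] = {m for m in fields[3].split(",") if m}
    return groups


def guest_groups(ftpaccess):
    """Collect every group named on a guestgroup line, ignoring comments."""
    names = set()
    for line in ftpaccess.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0] == "guestgroup":
            names.update(words[1:])
    return names


def login_type(user, groups, guests):
    """Classify a login as anonymous, guest or real (simplified rule)."""
    if user in ANONYMOUS_NAMES:
        return "anonymous"
    if any(user in groups.get(g, ()) for g in guests):
        return "guest"
    return "real"


def implied_umask(observed_mode):
    """Permission bits of CREATE_MODE that are missing from the created file."""
    return CREATE_MODE & ~observed_mode
```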