ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD. |
05-15-2007, 04:59 AM
|
#1
|
Junior Member
Join Date: Apr 2007
Posts: 11
|
Permissions on a per .vfs basis?
Hi guys, hope you can bear with me for a while now, im suffering from a "forgot-all-about-configuring-ioFTPD"-syndrome but i am slowly recovering
Let´s say i have three different groups added to the site. Each of the groups uses their own vfs file so they can only see and access the harddrive directory configured in their vfs. All well there, no problem. But now i want to set permissions for what each group is allowed to do in their home dir, like uploading, downloading etcetera etcetera. Can i set permissions on a vfs basis then? Like, group A is allowed to upload in their homedir, but no more, group B is allowed both up/downloading and so on.
Does this make any sense? What i am trying to find out is if i can describe different permissions for each group. Looking at the ioftpd.ini it seems like i have to define permissions for each group in the .ini file, is that the way it should be done?
|
|
|
05-15-2007, 10:32 AM
|
#2
|
Senior Member
ioFTPD Scripter
Join Date: Oct 2002
Posts: 703
|
You can use the detailed vfs permissions in ioFTPD.ini for this. For example if you've mapped both groups homedirs to the same virtual name in their vfs:
Code:
[VFS]
MakeDir = /home/* *
Upload = /home/* *
Download = /home/* =groupB !=groupA !*
DeleteOwn = /home/* =groupB !=groupA !*
RenameOwn = /home/* =groupB !=groupA !*
But don't forget to always keep the default permissions at the bottom to not screw up the permissions for the rest of the site. Example:
Code:
Download = /home/* =groupB !=groupA !*
Download = * *
/ZR
|
|
|
05-15-2007, 11:00 AM
|
#3
|
Junior Member
Join Date: Apr 2007
Posts: 11
|
Quote:
Originally Posted by Zer0Racer
You can use the detailed vfs permissions in ioFTPD.ini for this. For example if you've mapped both groups homedirs to the same virtual name in their vfs:
Code:
[VFS]
MakeDir = /home/* *
Upload = /home/* *
Download = /home/* =groupB !=groupA !*
DeleteOwn = /home/* =groupB !=groupA !*
RenameOwn = /home/* =groupB !=groupA !*
But don't forget to always keep the default permissions at the bottom to not screw up the permissions for the rest of the site. Example:
Code:
Download = /home/* =groupB !=groupA !*
Download = * *
/ZR
|
Sweet, Zero, this looks exactly what i was looking for Thanks a bunch!
EDIT: There´s a few VFS sections through out the ioftpd.ini file, which one are you referring to in your answer? I guess it´s the one in the "Permissions" section, but better safe than sorry
Last edited by IggyPop; 05-15-2007 at 11:07 AM.
|
|
|
05-15-2007, 01:31 PM
|
#4
|
Senior Member
ioFTPD Scripter
Join Date: Oct 2002
Posts: 703
|
Under [VFS]. Look closely at my previous post
You can see it next to the other Upload = /Incoming/* 31VM stuff
/ZR
|
|
|
05-16-2007, 12:57 AM
|
#5
|
Junior Member
Join Date: Apr 2007
Posts: 11
|
Quote:
Originally Posted by Zer0Racer
Under [VFS]. Look closely at my previous post
You can see it next to the other Upload = /Incoming/* 31VM stuff
/ZR
|
Yup, found it, edited it and will soon test it. Dang, with the help of you guys im sure i will get this baby on the road again. Happy happy, joy joy!
|
|
|
05-16-2007, 02:14 AM
|
#6
|
Junior Member
FlashFXP Registered User ioFTPD Foundation User
Join Date: Jul 2005
Posts: 6
|
OMFG, sorry for off topic, but i accidentally stumbled upon an old text document and found my old and original login credentials
IggyPop=e-buzzen. Guess i´ll be using the old one from now on....
|
|
|
05-16-2007, 02:54 AM
|
#7
|
Junior Member
FlashFXP Registered User ioFTPD Foundation User
Join Date: Jul 2005
Posts: 6
|
OK, let´s see if i did this correct now.
Upload = /* =groupA =groupB !*
I translate this into allowing users from groupA to upload in their home dir defined in groupA.vfs, the same for groupB (different home dir though) but no one else allowed to upload in the home dir defined in default.vfs, is that correct?
User added with default settings ends up in the NoGroup and cant, in my example above, not upload anything, right? That works OK, but users from groupA and groupB are also not able to upload. What have i done wrong?
|
|
|
05-16-2007, 03:39 AM
|
#8
|
Senior Member
ioFTPD Scripter
Join Date: Oct 2002
Posts: 703
|
The rule above will give you trouble if you have specified two different root dirs in the group's vfs and the default.vfs. You're only allowing groupA and groupB to upload anywhere on the site since /* is the root. Noone else will be able to upload at all, besides the Master account and maybe the VFS administrator.
I'm not 100% sure on how the VFS permissions work if you, for instance, set /home from default.vfs as root in groupA.vfs. Maybe you have to use /home/* in ioFTPD.ini for the detailed vfs permissions OR the ini always reflects what the user sees in his vfs.
I suggest you put all groups' homedirs in ie. /home/groupname. Then you can set a separate mountpoint in each group's vfs ie. "d:/ftp-root/home/groupname" /home (not as root) and you will be able to use /home/* for the detailed vfs permissions without the risk of mixing anything up. In case you want ever more detailed settings maybe you should mount is as /home/groupname so you can specify /home/groupname/* in ioFTPD.ini.
It's always good to just use an empty dir as root and only mount stuff in vfs. So even if a users cdup:s from the /home dir it will just be empty. To make users to automatically end up in /home when they log in you can set a special homedir setting in ioFTPD (though it's a per user command, but I think you can use the groupname to set the permissions for all users in that group at the same time) ie. site change =groupA homedir /home
And to make sure noone gets access to any other group's homedir (if you use /home/groupname as mount point) you can set the correct attributes for each group's dir (making if private/hidden) ie. site chattr +h "groupA" "=groupA" (if you're currently browsing /home and see the groupA dir). Do the same for all the other dirs. If they cdup now they won't see any other dirs inside /home than their own, making if kinda like the first example.
Or maybe I misunderstand. You just want to set different root dirs for each group?
/ZR
P.S. And oh, don't forget to chmod the dirs you want to be writable to 777. D.S.
|
|
|
05-16-2007, 10:05 AM
|
#9
|
Junior Member
FlashFXP Registered User ioFTPD Foundation User
Join Date: Jul 2005
Posts: 6
|
Quote:
Originally Posted by Zer0Racer
The rule above will give you trouble if you have specified two different root dirs in the group's vfs and the default.vfs. You're only allowing groupA and groupB to upload anywhere on the site since /* is the root. Noone else will be able to upload at all, besides the Master account and maybe the VFS administrator.
I'm not 100% sure on how the VFS permissions work if you, for instance, set /home from default.vfs as root in groupA.vfs. Maybe you have to use /home/* in ioFTPD.ini for the detailed vfs permissions OR the ini always reflects what the user sees in his vfs.
I suggest you put all groups' homedirs in ie. /home/groupname. Then you can set a separate mountpoint in each group's vfs ie. "d:/ftp-root/home/groupname" /home (not as root) and you will be able to use /home/* for the detailed vfs permissions without the risk of mixing anything up. In case you want ever more detailed settings maybe you should mount is as /home/groupname so you can specify /home/groupname/* in ioFTPD.ini.
It's always good to just use an empty dir as root and only mount stuff in vfs. So even if a users cdup:s from the /home dir it will just be empty. To make users to automatically end up in /home when they log in you can set a special homedir setting in ioFTPD (though it's a per user command, but I think you can use the groupname to set the permissions for all users in that group at the same time) ie. site change =groupA homedir /home
And to make sure noone gets access to any other group's homedir (if you use /home/groupname as mount point) you can set the correct attributes for each group's dir (making if private/hidden) ie. site chattr +h "groupA" "=groupA" (if you're currently browsing /home and see the groupA dir). Do the same for all the other dirs. If they cdup now they won't see any other dirs inside /home than their own, making if kinda like the first example.
Or maybe I misunderstand. You just want to set different root dirs for each group?
/ZR
P.S. And oh, don't forget to chmod the dirs you want to be writable to 777. D.S.
|
Whaow, lots of good and useful info here, thanks a million. I think, after reading your excellent explanations, that i have to redesign the whole directory structure a bit to get permissions to work. No biggie though.
And yes, different root dirs for each group and different permissions for each root dir, thats what i am aiming for. Is that possible through ioftpd.ini? Otherwise i think your setup suggestion with /home/groupname is the one best suited for my needs, and also to use the "site change =groupA homedir /home" command. I have to continue experiment i think. Thanks again.
|
|
|
05-17-2007, 05:29 AM
|
#10
|
Junior Member
FlashFXP Registered User ioFTPD Foundation User
Join Date: Jul 2005
Posts: 6
|
Sorry to say, but it looks like i can´t achieve what i want permission wise. I frankly dont know how to set up the vfs/directory structure to be able to use different permissions based on group membership when all the groups have their own vfs file with their own homedir defined. I dont even know if its possible with ioFTPD. Using "the other" Windows ftpd atm and it can most certainly be done with that one, but it misses a few features that ioFTPD has, for example ident, and i would really prefer to use ioFTPD, especially now when Yil has put a tremendous amount of quality work in the project.
I´m kinda stumped right now.
|
|
|
Thread Tools |
|
Display Modes |
Rate This Thread |
Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 01:28 PM.
|