Go Back   FlashFXP Forums > > > >

ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD.

Reply
 
Thread Tools Rate Thread Display Modes
Old 12-13-2011, 05:50 PM   #1
karlmarius
Junior Member
FlashFXP Registered User
 
Join Date: Dec 2011
Posts: 3
Question Beginner help to setup permissions

Hi!

I'm totally new to ioftpd.
I've managed to get the server up and running with ssl, but have trouble with understanding how to set correct permissions...

So I want all user that are in my "OWNERS" group to have full access to the server, including uploading to all directories. As now I cant't upload anything anywhere

I also want regular users to be able to upload to a dir called "Upload", and download anything, this group is called "Regular".

can somebody give an example on what to put in the config file straight out. have tried, but don't understand the config apparently

Also, is there something else that needs to be configured else than the ini file ?

All help is really appreciated!
karlmarius is offline   Reply With Quote
Old 12-14-2011, 12:00 PM   #2
Flow
Senior Member
FlashFXP Beta Tester
ioFTPD Foundation User
 
Flow's Avatar
 
Join Date: Dec 2001
Posts: 306
Default

read /etc/default.vfs file.

users added to site can be set to use different .vfs file (Virtual File System)
Flow is offline   Reply With Quote
Old 12-14-2011, 01:10 PM   #3
karlmarius
Junior Member
FlashFXP Registered User
 
Join Date: Dec 2011
Posts: 3
Default

So the way to go is to use different vfs for different groups? Is this required to achieve what i ant here. It's not possible to set different permissions for different groups with just one vfs?
karlmarius is offline   Reply With Quote
Old 12-14-2011, 03:16 PM   #4
thedepartedone
Member
 
Join Date: Apr 2009
Posts: 30
Default

also look under ### PERMISSIONS ### in ioftpd.ini , by default , if i remember correctly, it has the path /incoming/* as the only location they can delete, upload, rename, etc... and by default i think it is also set so that only those with 1M flags can do those tasks.
thedepartedone is offline   Reply With Quote
Old 12-14-2011, 03:40 PM   #5
karlmarius
Junior Member
FlashFXP Registered User
 
Join Date: Dec 2011
Posts: 3
Default

Quote:
Originally Posted by Flow View Post
read /etc/default.vfs file.

users added to site can be set to use different .vfs file (Virtual File System)

Is it necessary to use different vfs for different groups to achieve this.
Is it not possible to set that the "owners" group has full access for everything, while the the "regular" group only have permissions to edit/upload files to the "upload" directory?
would /* =OWNERS, be enough to se that users in the "owners" group have full access, while users with the "3" flag only could upload to the"upload" directory.

Could someone please post an example of config for the ioftpd.in for me to be able to do this?
karlmarius is offline   Reply With Quote
Old 12-14-2011, 04:36 PM   #6
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

Just setup the default.vfs file. For most users there is never a need to use more than one VFS file.

There are 2 major access checks on file access.

The first is the VFS section of the .ini file which controls who can do what. The default setup shows an example of a server where normal users (3 flag only) can only upload stuff under the /Incoming directory. The reason it's setup so restrictive by default is so that new users understand what they are granting users permission to do. Perhaps I should change that... Anyway, just change the /Incoming/* to /* and then they'll apply everywhere which is what most people do I bet. An obvious counter-example would be people who remove user's ability to modify the /ARCHIVE dir on their servers...

The second check is the actual filesystem directory/file permissions (the rwx stuff). Thus a user could have rights in the .ini file to create a directory anywhere but the / root dir may have rw-r--r-- which means only the owner (ioFTPD user by default) can create/delete stuff in the / dir.

And now for the last bit of info I think you need. If rwx permissions are good enough for controlling who can up/down where then just open up everything in the .ini VFS section and you're done. If only some people should be able to upload across the whole server I'd suggest just using the "3" flag which by convention is for that purpose (i.e. accounts without the 3 flag can't modify stuff). If you want you could also give out the 4,5,6,a,b,c whatever flags to groups of users. There is almost no difference between using a made-up flag like say 4 and having a made up group like say OWNERS and granting them rights to upload somewhere except most permission .ini entries are flag-style which means you could write 13VM45 which is simpler than 13VM =USERS =OWNERS...
Yil is offline   Reply With Quote
Old 12-14-2011, 04:46 PM   #7
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

Just a quick update. I personally find there are VERY few reasons for the VFS section of the .ini file to be overly complex. I bet most people grant uploaders the rights to their own stuff but nobody elses, and 1 (SiteOp) flagged users can do anything.

Similarly, I find that creating more than maybe 1 new user flag is rarely needed, especially if you are using it to control filesystem access only.

If you find yourself doing either send me a private message and I'll see if there isn't a simpler way to do what you want.

The only other thing I should mention is the private/hidden directory option. Using 'site chattr +h' you can create a flag-style permission entry that controls who can even see the directory. Thus you can make /GAMES have a chattr +h value of 1VM =GAMERS and only SiteOps and people in the GAMERS group could even see that you have a /GAMES directory... This feature removes the need for multiple .vfs files and also gets rid of .ini VFS rules about who can do what to different sections because you don't need to worry about them uploading to a directory they can't even see.
Yil is offline   Reply With Quote
Reply

Tags
download, file, group, regular, upload


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 12:36 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)