Re: [SLUG] vsftpd umask settings

From: Mike Branda (realraccoon@tampabay.rr.com)
Date: Mon Aug 08 2005 - 21:41:12 EDT


On Mon, 2005-08-08 at 19:31 -0400, Eben King wrote:
> On Mon, 8 Aug 2005, Russ Wright wrote:
>
> > Hello Sluggers
> >
> > I just cannot get this right. I have an ftp server running vsftpd.
> > There is a group called developers. I would like to have it so that any
> > user in the developers group has full rights to files uploaded by any
> > member of the developers group.
> >
> > I know it has to do with the umask setting in the vsftpd.conf file. I
> > thought it was supposed to be 022 but that does not work. So what is
> > the proper setting?
> >
> > Yes I read the manual and I still don't understand.
>
> Never tried to do that with an ftpd, but I think you need files uploaded by
> members of the "developers" group to have permissions
>
> -???rw???? <anybody>/developers
>
> which implies a umask where the next-to-last digit is either 1 or 0.
> Directories should be
>
> d???rwx??? <anybody>/developers
>
> which implies a umask where the next-to-last digit is 0.
>
> ("?" = "don't care")
>
> The important thing is that files end up with group read & write permission,
> and with the owner's group being "developers". Same for directories, with
> the addition of group execute permission.
>
> It's probably undefined if joeblow, member of the group "developers", tries
> to read this file:
>
> ----rw---- joeblow/developers
> uuugggooo
>
> Permission is denied based on the "user" permissions, but granted based on
> the "group" permissions. I'd test that to see what happens.
>

Remember that u"mask" is exactly that. A mask. Therefore the
traditional chmod way of thinking is backwards.

If a file starts 777 and has a mask of 022 it becomes 755 (-rwxr-xr-x).
If you 022 your files they are only read/x by the group.

see:

http://web.cse.msu.edu/cgi-bin/man2html?umask?1?/usr/man

Don't know if this is your problem (having it backwards) or not but
figured I toss it out there.

Mike Branda Jr.

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:51:58 EDT