access rights on storage directory

[albert]

By accident I removed the storage directory (/home/storage) and had to add it again.
It's all working again, but could someone just list the access rights for me?

Thanks,

Albert

P.S. I mean a "ls -la /home"

[Ubi]

root.root 755

[Cheeseboy]

root.root 755

Is that really the original state of the /home/storage directory?
I must have made some f*cked up find -exec commands

I like to add the "sticky bit" on directories writeable by others.
I want other people to be able to upload stuff to my FTP server, but only the owner of the file should be able to delete it.
So I have something like /home/storage/video/uploads that looks like this:
drwxrwxrwt
(that's chmod 1777 on the directory itself)

Ubi: Is it really owned by root:root by default?

[DanielM]

root.root 755

Is that really the original state of the /home/storage directory?

No, that is the state of the /home directory. /home/storage seems (at least on my machine, I don't think I've tampered with it) to be root:users 777. Which I guess means that anybody can delete the entire directory by the way. Looks like it's time for some tampering for me...

/Daniel

[Ubi]

I thought the question was what the status was on the /home dir, not the /home/storage dir. I got confused by the suggested ls command, which on my system does not descend into folders.

Code: Select all

ubi@b3:~$ /bin/ls -la /home
total 44
drwxr-xr-x  8 root    root   4096 Nov  8 22:08 .
drwxr-xr-x 22 root    root   4096 Jan  1  2000 ..
drwxr-xr-x  2 admin   admin  4096 Jan  1  2000 admin
drwxr-xr-x  7 ubi     users  4096 Nov 22 23:45 ubi
drwx------  2 root    root  16384 Jan  1  2000 lost+found
drwxrwsrwx  6 root    users  4096 Jan  1  2000 storage
drwxrwsr-x  2 root    users  4096 Jan  1  2000 web

so in short, you are correct. Although I don't see why storage should be world writable. But if thats what you want I guess the correct sequence is:

Code: Select all

mkdir /home/storage
chown root.users /home/storage
chmod 777 /home/storage
chmod g+s /home/storage

so

[Ubi]

DanielM: You cannot remove /home/storage when that folder has 777 status. This is because the folder is located in /home and normal users do not have write or delete access on /home. Therefor users cannot delete /home/storage.

[Ubi]

--edit: this is a response to a post that seems to have been removed --

It really is only relevant for when an attacker gets illegal shell access anyway and can now spook around your storage folder. So yes, a security risk, but only a small additive one.

[ovemh]

I think this should do it:

You ssh log in to your bubba

$ su root

// Change owner: (The -R changes all files/directories below storage)
$ chown -R root /home/storage

// Change group membership of the files
$ chgrp -R users /home/storage/

Then the chmod thing listed above, or:
chmod 777 -R /home/storage

[RandomUsername]

I can't remember the details now but when I first got my B2 I didn't like my storage directory being 777 like that so changed it. It caused me problems somewhere so had to revert it (possibly connected to the web interface, I really can't remember). I control access to that dir with samba (extra lines in smb.conf) since I am the only user with shell access anyway.

[Ubi]

It's not 777, it has a sticky bit on the group. Also, the chgrp command is superfluous if you can give the group together with the chown command.

My guess the reason for the 777 is that you want the music player processes to access the sotrage folder, but you do not want them to be part of the user group. So storage is a bit like temp, where the actual user rights are coordinated through the access rights of the files and not of the top folder.

[ovemh]

(...) Also, the chgrp command is superfluous if you can give the group together with the chown command. (...)

I agree.

Code: Select all

$ chown root.users /home/storage

...are more elegant I didn't catch your post before I posted mine.