Page 1 of 1
access rights on storage directory
Posted: 14 Dec 2010, 10:52
by albert
By accident I removed the storage directory (/home/storage) and had to add it again.
It's all working again, but could someone just list the access rights for me?
Thanks,
Albert
P.S. I mean a "ls -la /home"
Re: access rights on storage directory
Posted: 14 Dec 2010, 11:39
by Ubi
root.root 755
Re: access rights on storage directory
Posted: 14 Dec 2010, 14:47
by Cheeseboy
root.root 755
Is that really the original state of the /home/storage directory?
I must have made some f*cked up find -exec commands
I like to add the "sticky bit" on directories writeable by others.
I want other people to be able to upload stuff to my FTP server, but only the owner of the file should be able to delete it.
So I have something like /home/storage/video/uploads that looks like this:
drwxrwxrwt
(that's chmod 1777 on the directory itself)
Ubi: Is it really owned by root:root by default?
Re: access rights on storage directory
Posted: 14 Dec 2010, 15:14
by DanielM
Cheeseboy wrote:root.root 755
Is that really the original state of the /home/storage directory?
No, that is the state of the /home directory. /home/storage seems (at least on my machine, I don't think I've tampered with it) to be root:users 777. Which I guess means that anybody can delete the entire directory by the way. Looks like it's time for some tampering for me...
/Daniel
Re: access rights on storage directory
Posted: 14 Dec 2010, 15:25
by Ubi
I thought the question was what the status was on the /home dir, not the /home/storage dir. I got confused by the suggested ls command, which on my system does not descend into folders.
Code: Select all
ubi@b3:~$ /bin/ls -la /home
total 44
drwxr-xr-x 8 root root 4096 Nov 8 22:08 .
drwxr-xr-x 22 root root 4096 Jan 1 2000 ..
drwxr-xr-x 2 admin admin 4096 Jan 1 2000 admin
drwxr-xr-x 7 ubi users 4096 Nov 22 23:45 ubi
drwx------ 2 root root 16384 Jan 1 2000 lost+found
drwxrwsrwx 6 root users 4096 Jan 1 2000 storage
drwxrwsr-x 2 root users 4096 Jan 1 2000 web
so in short, you are correct. Although I don't see why storage should be world writable. But if thats what you want I guess the correct sequence is:
Code: Select all
mkdir /home/storage
chown root.users /home/storage
chmod 777 /home/storage
chmod g+s /home/storage
so
Re: access rights on storage directory
Posted: 14 Dec 2010, 15:28
by Ubi
DanielM: You cannot remove /home/storage when that folder has 777 status. This is because the folder is located in /home and normal users do not have write or delete access on /home. Therefor users cannot delete /home/storage.
Re: access rights on storage directory
Posted: 14 Dec 2010, 15:33
by Ubi
--edit: this is a response to a post that seems to have been removed --
It really is only relevant for when an attacker gets illegal shell access anyway and can now spook around your storage folder. So yes, a security risk, but only a small additive one.
Re: access rights on storage directory
Posted: 15 Dec 2010, 06:53
by ovemh
I think this should do it:
You ssh log in to your bubba
$ su root
// Change owner: (The -R changes all files/directories below storage)
$ chown -R root /home/storage
// Change group membership of the files
$ chgrp -R users /home/storage/
Then the chmod thing listed above, or:
chmod 777 -R /home/storage
Re: access rights on storage directory
Posted: 15 Dec 2010, 07:11
by RandomUsername
I can't remember the details now but when I first got my B2 I didn't like my storage directory being 777 like that so changed it. It caused me problems somewhere so had to revert it (possibly connected to the web interface, I really can't remember). I control access to that dir with samba (extra lines in smb.conf) since I am the only user with shell access anyway.
Re: access rights on storage directory
Posted: 15 Dec 2010, 08:08
by Ubi
It's not 777, it has a sticky bit on the group. Also, the chgrp command is superfluous if you can give the group together with the chown command.
My guess the reason for the 777 is that you want the music player processes to access the sotrage folder, but you do not want them to be part of the user group. So storage is a bit like temp, where the actual user rights are coordinated through the access rights of the files and not of the top folder.
Re: access rights on storage directory
Posted: 15 Dec 2010, 11:13
by ovemh
Ubi wrote: (...) Also, the chgrp command is superfluous if you can give the group together with the chown command. (...)
I agree.
...are more elegant

I didn't catch your post before I posted mine.