Re: file permission baffle

2003-03-30 Thread Ruben de Groot
On Sun, Mar 30, 2003 at 03:11:18AM -0500, David Banning typed:
> I have these links from my web directory;
>
> root# cd /usr/local/www/data/fax/
> root# ls -l
>
> lrwxr-xr-x  1 root  wheel  18 Mar 29 16:37 chantelle -> /usr/chantelle/fax
> lrwxrwxrwx  1 root  wheel  14 Mar 10 00:15 david -> /usr/david/fax
>
> I can't change the permissions on them. It's because the permissions
> are dependent on the linked directory right? Doesn't seem so;

Permissions on symbolic links are irrelevant. 
If you want to change them anyway, here's what you have to do:

# cd /usr/local/www/data/fax/
# rm chantelle
# umask 0
# ln -s /usr/chantelle/fax chantelle

Don't forget to change your umask back to something reasonable afterwards.

 
> root# ls -ld /usr/chantelle/fax
> drwxrwxrwx  2 chantelle  wheel  512 Mar 30 02:26 /usr/chantelle/fax
> root# ls -ld /usr/david/fax
> drwxrwxrwx  2 david  wheel  512 Mar 30 02:40 /usr/david/fax
> root#
>
> Even going further upstream doesn't show anything;
>
> root# ls -ld /usr/chantelle
> drwxr-xr-x  7 chantelle  wheel  1024 Mar 29 23:13 /usr/chantelle
> root# ls -ld /usr/david
> drwxr-xr-x  68 david  wheel  5632 Mar 29 22:23 /usr/david
>
> I am having a problem writing to the top dir shown, (chantelle)
> but not the following one (david).
>
> Anyone understand this?
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: file permission baffle

2003-03-30 Thread Matthew Seaman
On Sun, Mar 30, 2003 at 03:11:18AM -0500, David Banning wrote:
> I have these links from my web directory;
>
> root# cd /usr/local/www/data/fax/
> root# ls -l
>
> lrwxr-xr-x  1 root  wheel  18 Mar 29 16:37 chantelle -> /usr/chantelle/fax
> lrwxrwxrwx  1 root  wheel  14 Mar 10 00:15 david -> /usr/david/fax
>
> I can't change the permissions on them. It's because the permissions
> are dependent on the linked directory right? Doesn't seem so;

You can use 'chmod -h' to change the permissions on the link itself. eg.

% ln -s bar baz 
/tmp/foo:% ls -la 
total 0
-rw-r--r--  1 matthew  wheel  0 Mar 30 10:13 bar
lrwxr-xr-x  1 matthew  wheel  3 Mar 30 10:14 baz@ -> bar
% chmod -h 664 baz 
% ls -la 
total 0
-rw-r--r--  1 matthew  wheel  0 Mar 30 10:13 bar
lrw-rw-r--  1 matthew  wheel  3 Mar 30 10:14 baz@ -> bar

When you open a file or directory via a symbolic link, first you need
sufficient permissions to read the link itself --- think of it as a
tiny little file that simply contains the name of the file that should
really be opened.  However, once that has been done, the system
automatically switches to opening the link target instead, and it's
the permissions on the target and its containing directory that have
the most effect practically.

There's a '-h' flag to chown(1) that works equivalently for changing
ownership.

However, in general, you don't need to fiddle with link permissions
and ownership.  root:wheel ownership and lrwxrwxrwx permissions will
work just fine.
 
> root# ls -ld /usr/chantelle/fax
> drwxrwxrwx  2 chantelle  wheel  512 Mar 30 02:26 /usr/chantelle/fax
> root# ls -ld /usr/david/fax
> drwxrwxrwx  2 david  wheel  512 Mar 30 02:40 /usr/david/fax
> root#
>
> Even going further upstream doesn't show anything;
>
> root# ls -ld /usr/chantelle
> drwxr-xr-x  7 chantelle  wheel  1024 Mar 29 23:13 /usr/chantelle
> root# ls -ld /usr/david
> drwxr-xr-x  68 david  wheel  5632 Mar 29 22:23 /usr/david
>
> I am having a problem writing to the top dir shown, (chantelle)
> but not the following one (david).

Hmmm... I think you're barking somewhat up the wrong tree here.
Permissions are too lax, if anything --- I'd certainly change the
permissions on those personal fax directories to 755 or 775.

The question is, what is the UID of the process that is attempting to
write to those fax directories?  Is it a well known Fax management
package or something home brewed?  Either way permissions need to be
controlled.  The process either has to have a real UID of root and be
able to set its effective UID to the owner of the directory (see
seteuid(2)), or it has to belong to the same group as the group
ownership of the directories, and group write permission has to be set
on the directories.  In the latter case, it helps to make sure that
any files created also have group write permission or the directory
owner won't be able to modify them.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK
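
The access check described in the reply above, as an added example that is not part of any message in this thread: it follows a symlink to its target and decides from the target's mode bits whether a process with a given effective UID and group list could create files there. The function name `would_write` is made up here, and the UID and GIDs passed in are the caller's assumption about the writing process.

```shell
#!/bin/sh
# Added example, not from the thread.
# would_write UID "GID GID ..." PATH
#   Prints which permission class decides and returns
#   0 = write allowed, 1 = denied, 2 = PATH could not be examined.
would_write() {
    uid=$1 gids=$2 path=$3
    # -L reports the link target (the link's own mode is not consulted),
    # -d the directory itself, -n numeric owner and group.
    line=$(ls -ldnL "$path") || return 2
    set -- $line
    mode=$1 owner=$3 group=$4

    if [ "$uid" -eq 0 ]; then
        echo "root: mode bits not consulted"
        return 0
    fi

    # Exactly one class applies: owner, else group, else other. An owner
    # without the write bit is denied even if the group bits would allow it.
    class=other pattern='????????w[xt]*'
    if [ "$uid" -eq "$owner" ]; then
        class=owner pattern='??w[xs]*'
    else
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then
                class=group pattern='?????w[xs]*'
                break
            fi
        done
    fi

    # Creating a file in a directory needs both write and search (x) bits.
    case $mode in
        $pattern) echo "$class class grants write+search ($mode)"; return 0 ;;
        *)        echo "$class class denies write ($mode)";        return 1 ;;
    esac
}
```

Called with the UID and groups of the process that writes the faxes, it shows why a 755 target needs that process to be the owner, while 775 is enough for a process that only shares the directory's group.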




file permission baffle

2003-03-30 Thread David Banning
I have these links from my web directory; 

root# cd /usr/local/www/data/fax/
root# ls -l

lrwxr-xr-x  1 root  wheel  18 Mar 29 16:37 chantelle -> /usr/chantelle/fax
lrwxrwxrwx  1 root  wheel  14 Mar 10 00:15 david -> /usr/david/fax

I can't change the permissions on them. It's because the permissions
are dependent on the linked directory right? Doesn't seem so;

root# ls -ld /usr/chantelle/fax
drwxrwxrwx  2 chantelle  wheel  512 Mar 30 02:26 /usr/chantelle/fax
root# ls -ld /usr/david/fax
drwxrwxrwx  2 david  wheel  512 Mar 30 02:40 /usr/david/fax
root# 

Even going further upstream doesn't show anything;

root# ls -ld /usr/chantelle
drwxr-xr-x  7 chantelle  wheel  1024 Mar 29 23:13 /usr/chantelle
root# ls -ld /usr/david
drwxr-xr-x  68 david  wheel  5632 Mar 29 22:23 /usr/david

I am having a problem writing to the top dir shown, (chantelle)
but not the following one (david).

Anyone understand this?