Mike Leone on 22 Apr 2010 12:31:21 -0700


[PLUG] More advice on shell scripting and basic admin configurations

So I have a specific question(s) about your example script. And all 
related to Scripting 101 and Linux Admining 101, I think ...


> DMZ side script (will probably get mangled by the MTAs and MUAs):
> #!/bin/bash -
> # snag_files.sh--Snag some files and package up in ZIP file
> TREE='/home/ftp/'  # Must be read-write by user, so ZIP can read and delete

In my case, the FTP is chrooted (I am using VSFTP), and is locked into 
only being able to access their own home directory. Wouldn't do to have 
the vendors be able to walk up and down the folder structure and be able 
to read any other vendor's invoices. Hence they can only FTP into their 
own home folder.

That would cause grief with this script, because while the WORLD 
permissions are read for every folder under /home (BTW, at some point, 
that should be changed so that only the user has rights in their home 
folder, and only members of a certain group. Right now, any user that 
could telnet/SSH in, could go perusing through any other user's folders, 
since the default is for WORLD read. But, I digress ...), there are no 
GROUP or WORLD write permissions set, by default.

The point is that each vendor's files should not be seen by any other 
vendor, so the files are not all in one directory.

How best to take that into account, then? Change the VSFTP to chroot the 
users into a different folder structure, one in which the user of this 
script has R/W privileges, via means of membership in a group? Wouldn't 
that mean every file would need to have those group perms set? And the 
user creation take that into account?

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
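
The group-based layout asked about above can be checked with a short audit, shown here as an added example that is not part of the original post or thread. It assumes GNU `stat` and a hypothetical layout in which every vendor home is a direct child of one base directory, owned by the vendor, with the collecting account reaching it through a shared group.

```bash
#!/bin/bash
# Added example, not from the original post. Assumes GNU stat and that every
# vendor home is a direct child of one base directory (hypothetical layout).

# audit_home DIR: print "ok" or a comma-separated list of findings for DIR.
audit_home() {
    local dir=$1 mode special group other findings=()
    mode=$(stat -c '%a' "$dir") || return 2
    mode=$(printf '%04d' "$mode")   # pad to: special, user, group, other
    special=${mode:0:1} group=${mode:2:1} other=${mode:3:1}

    # Any "other" bit lets unrelated local accounts browse the directory.
    if [ "$other" -ne 0 ]; then findings+=("world-accessible"); fi
    # The collecting account needs r, w and x through the group to read
    # and delete uploads.
    if [ "$group" -ne 7 ]; then findings+=("group-lacks-rwx"); fi
    # setgid (2) on the directory makes new files inherit its group, so the
    # group does not have to be set on every upload by hand.
    if (( (special & 2) == 0 )); then findings+=("no-setgid"); fi

    if [ "${#findings[@]}" -eq 0 ]; then
        echo ok
    else
        (IFS=,; echo "${findings[*]}")
    fi
}

# audit_tree BASE: one "path: result" line per directory directly under BASE.
audit_tree() {
    local home
    for home in "$1"/*/; do
        [ -d "$home" ] || continue
        printf '%s: %s\n' "${home%/}" "$(audit_home "$home")"
    done
}

# demo: build a constructed sandbox (no real accounts) and audit it.
demo() {
    local base
    base=$(mktemp -d) || return 1
    mkdir "$base/vendor_a" "$base/vendor_b"
    chmod 2770 "$base/vendor_a"   # intended layout: owner + group only, setgid
    chmod 0755 "$base/vendor_b"   # default described in the post: world-readable
    audit_tree "$base"
    rm -rf "$base"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

The audit covers directory modes only: the permission bits on uploaded files come from the FTP server's upload umask, and deleting a file needs write and execute on the directory rather than on the file itself.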