|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
[PLUG] More advice on shell scripting and basic admin configurations
|
So I have a specific question(s) about your example script. And all
related to Scripting 101 and Linux Admining 101, I think ...
So:
> DMZ side script (will probably get mangled by the MTAs and MUAs):
>
> #!/bin/bash -
> # snag_files.sh--Snag some files and package up in ZIP file
>
> TREE='/home/ftp/' # Must be read-write by user, so ZIP can read and delete
In my case, the FTP is chrooted (I am using VSFTP), and is locked into
only being able to access their own home directory. Wouldn't do to have
the vendors be able to walk up and down the folder structure and be able
to read any other vendor's invoices. Hence they can only FTP into their
own home folder.
That would cause grief with this script, because while the WORLD
permissions are read for every folder under /home (BTW, at some point,
that should be changed so that only the user has rights in their home
folder, and only members of a certain group. Right now, any user that
could telnet/SSH in, could go perusing through any other user's folders,
since the default is for WORLD read. But, I digress ...), there are not
GROUP or WORLD write permissions set, by default.
The point is that each vendor's files should not be seen by any other
vendor, so the files are not all in one directory.
How best to take that into account, then? Change the VSFTP to chroot the
users into a different folder structure, one in which the user of this
script has R/W privileges, via means of membership in a group? Wouldn't
that mean every file would need to have those group perms set? And the
user creation take that into account?
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|