02-08-2014, 04:55 PM
Yil

The first thing to understand is that ioFTPD supports both user and group level permissions for directories much like any unix system does. In particular a user must have +r access to a directory in order to enter it, and +w to modify it (+x is ignored, just use +r). Fine grained control over what a user can actually DO in a directory they can enter is controlled by the VFS rules in the .ini file. This gives you enormous flexibility and control since you can have unlimited VFS rules that apply to different paths as needed.

Just using 'site chmod' to modify the user and/or group +r/+w settings should allow you to control where people can go. This would absolutely allow you to lock users to particular directories and is very straightforward, as you would simply change users' home directories to be owned by them, chmod 700 the dir so only the owner can enter it, leave /guests and / at 555, and leave everything else owned by the ioftpd group (I'd use a different one as ioftpd is the default group) and just make sure users are in only the GUESTS group. That should do what you want and is indeed how a regular unix system would probably set up the permissions.

For the record, you must have +r permissions to access any path all the way from / to the directory. Thus if you have /games/archive and /games has perms of 550 owned by ioFTPD/ioftpd (the default) and the user isn't a member of the ioftpd group, then the user will be able to see /games from / but will not be able to enter /games or see anything under it, even if /games/archive has 777 as the perms. Hope that makes sense. Also check out the default VFS perms for files/dir in the .ini file and set that appropriately if needed.

However, I just got finished answering a different question for someone else so I might have steered you a little wrong with my above answer. I believe they wanted to hide the existence and names of the other users. Using +r/+w perms you can control who can enter/modify a dir but you can't hide the existence of the dir or who owns it because it will show up in a directory listing. To do that you have to use the answer I showed you above which uses 'site chattr +h' to make directories private/hidden so if you don't match the permissions on the directory it won't show up at all!

Let me know if that helps, or if you need more info.
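An added example, not part of the post above and not ioFTPD code: a small Python model of the rule the post describes (+r is needed on every directory from / down to the target, +w to modify, +x ignored), run against the layout it recommends. The user names, the /guests/alice and /guests/bob paths, and the unix-style choice of owner, group or other bits are assumptions made for illustration.

```python
# Model of the access rule described in the post; this is not ioFTPD source.
# Assumption: one of the owner/group/other triplets applies, chosen unix-style.
from dataclasses import dataclass

@dataclass(frozen=True)
class Dir:
    owner: str
    group: str
    mode: int  # octal perms, e.g. 0o550

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset

def perm_bits(user, d):
    """Return the rwx triplet that applies to this user for directory d."""
    if user.name == d.owner:
        return (d.mode >> 6) & 7
    if d.group in user.groups:
        return (d.mode >> 3) & 7
    return d.mode & 7

def can_enter(user, path, tree):
    """True only if the user has +r on every directory from / down to path."""
    chain, current = ["/"], ""
    for part in (p for p in path.split("/") if p):
        current += "/" + part
        chain.append(current)
    return all(perm_bits(user, tree[c]) & 4 for c in chain)

def can_modify(user, path, tree):
    """Modifying needs the full +r chain plus +w on the directory itself."""
    return can_enter(user, path, tree) and bool(perm_bits(user, tree[path]) & 2)

# Constructed sample layout following the post: / and /guests at 555,
# home directories at 700 owned by their user, /games left at the default 550.
TREE = {
    "/": Dir("ioFTPD", "ioftpd", 0o555),
    "/guests": Dir("ioFTPD", "ioftpd", 0o555),
    "/guests/alice": Dir("alice", "GUESTS", 0o700),
    "/guests/bob": Dir("bob", "GUESTS", 0o700),
    "/games": Dir("ioFTPD", "ioftpd", 0o550),
    "/games/archive": Dir("ioFTPD", "ioftpd", 0o777),
}
alice = User("alice", frozenset({"GUESTS"}))   # hypothetical guest account
staff = User("staff", frozenset({"ioftpd"}))   # hypothetical ioftpd group member
```

The model covers only who can enter or modify a directory; hiding a directory from listings is the separate 'site chattr +h' mechanism mentioned in the post.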