
Strange permissions problem

Discussion in 'Linux / Unix Discussion' started by ffreeloader, Oct 10, 2005.

  1. ffreeloader

    ffreeloader Terabyte Poster

    A while back I installed an ftp server on my main Debian box so I could ftp files in and out of it from all the computers on my lan. I created a /home/ftp directory to hold all the files.

    Now, what I'm having problems with is that the username I normally log into with on this computer is being denied access to the /home/ftp directory. I have created a group called ftp to whom I have given read, write, and execute permissions on the ftp directory. The user is a member of that group. Other users that are members of that group have read, write, and execute permissions as they should. Just this one user in the group is denied access.

    Anyone have any idea why? I'm kinda stumped.

    I have one idea as to why but don't know how to go about checking it out. I have ftp'ed into this directory from another machine while using the same user name and saved a file there. Maybe that's what is confusing the permissions issue, but I'm really unsure why accessing that directory remotely would screw with the local permissions even if the user names are the same.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  2. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    You know an awful lot more about this than I do, but is it possible that your Debian box thinks the user is already logged on and accessing /home/ftp directory from the remote location when you try to access it locally?
     
    Certifications: A+ and Network+
  3. ffreeloader

    ffreeloader Terabyte Poster

    I'm unaware of any reason why that would be happening. Since I've ftp'ed into the directory, both boxes have been rebooted, so any ftp connection that once existed to the other user by the same name has long ago been destroyed, and when the connection was initially broken it was broken using standard ftp commands, so the user would have been logged off.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  4. Neall

    Neall Byte Poster

    Are there separate rules for each user in the group or are they all the same?

    Only thing I can suggest, if you haven't already done so, is to delete and recreate the user again.

    Neall
     
    WIP: A+
  5. Neall

    Neall Byte Poster

    Not done much with Linux but googled a bit.

    To get ftp access, the account must satisfy 3 conditions:

    1) The account must have an entry in /etc/passwd with a non-null password

    2) It cannot be listed in the file /etc/ftpaccess

    3) It must have a valid login shell as listed in /etc/shells
     
    WIP: A+
  6. ffreeloader

    ffreeloader Terabyte Poster

    I guess I don't understand what you are asking here. All members added to a group have the same access permissions as the group, at least that's my understanding of how *nix permissions work. I know of no "deny" permissions such as exist with Windows DACLs, at least I've never used any.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  7. ffreeloader

    ffreeloader Terabyte Poster

    I think you are misunderstanding something here. I can ftp into the directory fine from both Windows and Linux machines. That's not a problem.

    What is a problem is that the user account I have on the ftp server, which is my every day account, is denied access locally to that directory even though it is a member of the group that has been given read, write, and execute permissions to the ftp directory.

    I can successfully use that account name from another computer and log into the ftp directory using ftp, but the local account is denied access. Why would ftp'ing in with that account screw up local access for the one account? All other accounts work fine both locally and remotely.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  8. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    Call this a shot in the dark, Freddy, but somehow, could the server be expecting the IP of the remote computer to be included to validate the connection?
     
    Certifications: A+ and Network+
  9. ffreeloader

    ffreeloader Terabyte Poster

    Well, it's solved but the solution is something I would never have guessed.

    When I added the local user to the ftp group I had never closed my bash shell session. Once I had closed it and reopened another I was given local access to the ftp directory.

    I had no idea that a bash shell session uses a set of cached permissions that were set when the bash session is started for something like this, but it now seems obvious that it does. I could su to other users that I added to the group and get local access to the ftp directory and bash would go get their new permissions, but did not get the new permissions for the original bash session.

    Well, it's live and learn. So, if you're playing with the Linux file system from the bash shell and the changes in permissions aren't being applied to the account you're using, close your bash shell session and start another one.

    I don't know if this is only related to permissions related to daemons such as ftp or not, but this is one I won't soon forget.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
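
The behaviour described in the last post, as an added example that is not part of the original thread: on Linux a process's supplementary groups are fixed at login and inherited by its children, so a shell started before the group change keeps the old list until a new login session begins. The script below compares the running shell's group IDs with the current group database entry; the function names and the sample GIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: find group memberships that exist in the group database
# but are missing from the credentials of the shell that is running now.

# missing_groups SESSION_GIDS DB_GIDS
# Prints every GID in DB_GIDS (space separated) that is absent from SESSION_GIDS.
missing_groups() {
    session=" $1 "
    out=""
    for g in $2; do
        case "$session" in
            *" $g "*) ;;                  # this process already holds the group
            *) out="${out:+$out }$g" ;;   # in the database, not in the process
        esac
    done
    printf '%s\n' "$out"
}

# stale_session_groups [USER]
# Compares this process's groups with a fresh database lookup for USER.
# Returns 2 when USER has no passwd entry.
stale_session_groups() {
    user="${1:-$(id -u)}"
    session_gids=$(id -G)                            # kernel credentials, set at login
    db_gids=$(id -G "$user" 2>/dev/null) || return 2 # /etc/group or NSS, read now
    missing_groups "$session_gids" "$db_gids"
}

# Constructed sample matching the thread: GID 115 stands in for the "ftp"
# group, added to the user after the shell was opened.
echo "sample: missing from session -> $(missing_groups "1000 24 29" "1000 24 29 115")"

if stale=$(stale_session_groups); then
    if [ -n "$stale" ]; then
        echo "This shell predates membership in GID(s): $stale"
        echo "Start a new login session, or run: newgrp <group>"
    else
        echo "This shell's groups match the group database."
    fi
else
    echo "No passwd entry for the current UID; nothing to compare."
fi
```
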
