Posted to ftpserver-dev@incubator.apache.org by Franz Stumpner <fr...@stumpner.net> on 2006/01/11 06:45:37 UTC

CHMOD and CHOWN Commands to Change Rights

Hello!

I'm new to this list.

I want to change the rights (access/owner) of a file after I've 
successfully transferred it to the ftp-server.
Most FTP-Servers and FTP-Clients understand the "CHMOD" command where 
file-rights can be modified.
If I use the "CHMOD" command within the apache ftp-server, an 
error message "Access Denied" appears.
Is the apache ftp-Server unable to handle CHMOD Commands or is my 
configuration bad?

I'm using Apache FTP on Debian Sarge Linux, after I transferred files to 
the FTP Server the owner of the file is always root:root and readable 
for owner and group.

Thanks for help.

br
franz stumpner

Re: CHMOD and CHOWN Commands to Change Rights

Posted by Dave Roberts <da...@saaconsultants.com>.
It was 12/01/2006 05:10, when Rana Bhattacharyya wrote:

> I completely agree with you. In fact this is the
> reason I have hardcoded user and group names in our
> FileObject implementations.

Something else to consider, because if you add support for changing
owner, group and permissions, then you need the ability to find out
what the current settings are in order that they can be displayed in
the file listing.  Already the hasReadPermission() and
hasWritePermission() methods are used which affect the permissions
displayed based on what they return, but only for the owner.  That
is, if both return true, then the mode is -rw-------.

If "site chmod" is supported, then additional methods would be
required to get the read/write permission for group and other, which
would only mean something on UNIX.  Otherwise you would not display
the correct permissions.

> Maybe one thing we can do
> is to add a few methods like changeOwner() and
> changeGroup() in FileObject interface. It will return
> true if success. So the current implementations will
> return false. If the user wants to use a new file
> system manager which will use JNI, these methods can
> be overwritten.

It sounds like a reasonable solution, if you had to do it.

The problem here is balancing a wealth of features and
configurability against security.  On a UNIX host, in order to
listen to port 21 the server is already going to be run as the root
user.  When a user logs in, the thread doesn't/can't give up rights
and run as that actual user on the system, which is what other
servers written in C would do as each child process is forked.  As
such, the user actions have an elevated level of privilege.

When logged in normally to a UNIX host, only the superuser has the
rights to change the owner of a file, local users can not do this.
So allowing them to do so via the FTP server is, well, wrong IMO.

In the proposed changeOwner() etc, I would add big disclaimers about
the security implications of implementing such methods.

At the end of the day, they are not standard FTP commands.

- Dave.
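
Added example, not part of the original thread or of Apache FtpServer's code: one way a "site chmod" handler could refuse the setuid/setgid/sticky and execute bits discussed above and still render the full owner/group/other mode for a listing. The class and method names are hypothetical, and it assumes a POSIX file system and the java.nio.file API.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

// Hypothetical sketch: class and method names are not part of Apache FtpServer.
public class SiteChmodSketch {
    // Only read/write bits for owner, group and other may be set by a remote user.
    static final int ALLOWED_BITS = 0666;

    /** Parses a SITE CHMOD octal argument, refusing setuid/setgid/sticky and execute bits. */
    static Set<PosixFilePermission> parseSafeMode(String arg) {
        if (!arg.matches("[0-7]{3,4}")) {
            throw new IllegalArgumentException("mode must be 3 or 4 octal digits");
        }
        int mode = Integer.parseInt(arg, 8);
        if ((mode & ~ALLOWED_BITS) != 0) {
            throw new IllegalArgumentException("special or execute bits refused");
        }
        // values() is declared in rwx order for owner, group, others (bit 0400 down to 0001).
        PosixFilePermission[] bits = PosixFilePermission.values();
        Set<PosixFilePermission> perms = EnumSet.noneOf(PosixFilePermission.class);
        for (int i = 0; i < bits.length; i++) {
            if ((mode & (0400 >> i)) != 0) {
                perms.add(bits[i]);
            }
        }
        return perms;
    }

    /** Mode column for a regular file in a listing, covering group and other too. */
    static String listingMode(Path file) throws IOException {
        return "-" + PosixFilePermissions.toString(Files.getPosixFilePermissions(file));
    }

    public static void main(String[] args) throws IOException {
        Path file = Files.createTempFile("upload", ".bin"); // constructed sample file
        try {
            Files.setPosixFilePermissions(file, parseSafeMode("640")); // POSIX file systems only
            System.out.println(listingMode(file));
            parseSafeMode("4755"); // throws: setuid and execute bits are refused
        } catch (IllegalArgumentException e) {
            System.out.println("refused: " + e.getMessage());
        } finally {
            Files.delete(file);
        }
    }
}
```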

Re: CHMOD and CHOWN Commands to Change Rights

Posted by Rana Bhattacharyya <ra...@yahoo.com>.
I completely agree with you. In fact this is the
reason I have hardcoded user and group names in our
FileObject implementations. Maybe one thing we can do
is to add a few methods like changeOwner() and
changeGroup() in FileObject interface. It will return
true if success. So the current implementations will
return false. If the user wants to use a new file
system manager which will use JNI, these methods can
be overwritten.

What do you think?

Thanks,
Rana Bhattacharyya

--- Sergey Vladimirov <vl...@gmail.com> wrote:

> Hi, Dave, Franz,
> 
> I'm not sure if it is possible to implement those commands in Java. The simplest
> solution will be to call system chmod commands, depending on the system OS. But it
> is not 100% pure Java.
> 
> 2006/1/11, Dave Roberts <da...@saaconsultants.com>:
> >
> > It was 11/01/2006 06:45, when Franz Stumpner wrote:
> >
> > > I'm using Apache FTP on Debian Sarge Linux, after I transferred files to
> > > the FTP Server the owner of the file is always root:root and readable
> > > for owner and group.
> >
> > You should carefully consider the security implications of allowing
> > such a command.  If your files are uploaded as root, then you don't
> > want remote users setting the setuid and execute bits.  Apologies if
> > this is obvious to you.
> >
> 
> --
> Sergey Vladimirov
> 



Re: CHMOD and CHOWN Commands to Change Rights

Posted by Sergey Vladimirov <vl...@gmail.com>.
Hi, Dave, Franz,

I'm not sure if it is possible to implement those commands in Java. The simplest
solution will be to call system chmod commands, depending on the system OS. But it
is not 100% pure Java.

2006/1/11, Dave Roberts <da...@saaconsultants.com>:
>
> It was 11/01/2006 06:45, when Franz Stumpner wrote:
>
> > I'm using Apache FTP on Debian Sarge Linux, after I transferred files to
> > the FTP Server the owner of the file is always root:root and readable
> > for owner and group.
>
> You should carefully consider the security implications of allowing
> such a command.  If your files are uploaded as root, then you don't
> want remote users setting the setuid and execute bits.  Apologies if
> this is obvious to you.
>

--
Sergey Vladimirov

Re: CHMOD and CHOWN Commands to Change Rights

Posted by Dave Roberts <da...@saaconsultants.com>.
It was 11/01/2006 06:45, when Franz Stumpner wrote:

> I'm using Apache FTP on Debian Sarge Linux, after I transferred files to 
> the FTP Server the owner of the file is always root:root and readable 
> for owner and group.

You should carefully consider the security implications of allowing
such a command.  If your files are uploaded as root, then you don't
want remote users setting the setuid and execute bits.  Apologies if
this is obvious to you.

Re: CHMOD and CHOWN Commands to Change Rights

Posted by Hans-Juergen Brand <ha...@gmx.net>.
At this time there is no CHMOD command. Have a look at the package 

org.apache.ftpserver.command.

You are welcome to write this kind of command.




> --- Original Message ---
> From: Franz Stumpner <fr...@stumpner.net>
> To: ftpserver-dev@incubator.apache.org
> Subject: CHMOD and CHOWN Commands to Change Rights
> Date: Wed, 11 Jan 2006 07:45:37 +0100
> 
> Hello!
> 
> I'm new to this list.
> 
> I want to change the rights (access/owner) of a file after I've 
> successfully transferred it to the ftp-server.
> Most FTP-Servers and FTP-Clients understand the "CHMOD" command where 
> file-rights can be modified.
> If I use the "CHMOD" command within the apache ftp-server, an 
> error message "Access Denied" appears.
> Is the apache ftp-Server unable to handle CHMOD Commands or is my 
> configuration bad?
> 
> I'm using Apache FTP on Debian Sarge Linux, after I transferred files to 
> the FTP Server the owner of the file is always root:root and readable 
> for owner and group.
> 
> Thanks for help.
> 
> br
> franz stumpner
>