permission issue to move file

We have a script which moves the files from each user's home directory to another location to process the files on the server.

The users put files in their home directories using FTP, and the user home directories have 775 permission, so the application user can move the files from the home path to another location, since the application user was in the group of the FTP user account.

But when users start using SFTP, the permission needs to be restricted to 755 on the user home path, and then the current script cannot move files from there, since the group cannot have write permission.

So what is the alternative way to move files from there to the desired location?

Please suggest ....

It's an urgent request ...

The script is as follows:

# Location of the staging area
app_ROOT=$HOME
STAGING_DIR=$app_ROOT/in_staging

# Time to leave file before moving it (in minutes)
MINUTES_TO_LEAVE_FILE=10

#SFTP/FTP user home path
A_DIR=/export/home/A
B_DIR=/export/home/B
C_DIR=/export/home/C

# Transfer files for each user in turn (variables quoted so paths with spaces are safe)
/usr/local/bin/find "$A_DIR" -name 'PN*' -type f -cmin +"$MINUTES_TO_LEAVE_FILE" -exec mv {} "$STAGING_DIR/A" \;
/usr/local/bin/find "$B_DIR" -name 'LY*' -type f -cmin +"$MINUTES_TO_LEAVE_FILE" -exec mv {} "$STAGING_DIR/B" \;
/usr/local/bin/find "$C_DIR" -name 'GT*' -type f -cmin +"$MINUTES_TO_LEAVE_FILE" -exec mv {} "$STAGING_DIR/C" \;

This is quite tricky and depends on your environment, especially the umask settings and the user's login shell. Please provide some information, and if it is urgent, provide it urgently.

You could set an ACL on the home directory to give the group write access:

The command is either setacl or setfacl, depending on your distro.

setfacl -m g:groupname:rwx /home/directory

I don't believe ssh has issues with ACLs being less restrictive than regular Unix file permissions.

First of all, I am not root on the server.

I am doing the application-related scripts.

The user login shell was ksh.

I am unaware of the umask setting... sorry.

One thing I am sure of is that to enable SFTP the user should have the restricted permission, i.e. 755, i.e. no one else can write to the home directory.

Please suggest on this script.

Check Jeff.Robbins.ws: Setting the umask for SFTP transactions

If you don't have permission to move the files, it will not help to modify the script. You will have to change the file permissions. This is commonly done by modifying the user's umask. Also, the directory permission must provide write access to be able to delete a file.
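The two requirements that collide in this thread (group write access on the home directory so files can be moved out, and a 755-style home directory for SFTP) can be checked from the mode bits. The following is an added example, not part of any post; the function names and the demo directories are constructed for illustration, and ACL entries are not evaluated.

```shell
#!/bin/sh
# Added example: report whether a directory's mode bits let group members
# move files out of it, and whether only the owner can write to it.
# Assumption: only the classic mode bits are inspected, not ACL entries.

# Print the 10-character mode string (e.g. drwxr-xr-x) of a directory.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Succeeds if the group class has write and search permission, which a
# group member needs in order to unlink (mv) a file from the directory.
group_can_move_out() {
    case "$(mode_string "$1" | cut -c6-7)" in
        w[xs]) return 0 ;;
        *)     return 1 ;;
    esac
}

# Succeeds if neither group nor other has write permission (e.g. 755),
# the restriction the thread describes for SFTP logins.
owner_only_write() {
    g=$(mode_string "$1" | cut -c6)
    o=$(mode_string "$1" | cut -c9)
    [ "$g" != "w" ] && [ "$o" != "w" ]
}

# Print one summary line for a directory.
report() {
    if group_can_move_out "$1"; then mv_ok=yes; else mv_ok=no; fi
    if owner_only_write "$1"; then strict=yes; else strict=no; fi
    printf '%s mode=%s group_can_move_out=%s owner_only_write=%s\n' \
        "$1" "$(mode_string "$1")" "$mv_ok" "$strict"
}

# Constructed demo directories standing in for a user's home directory.
demo=$(mktemp -d)
mkdir "$demo/home775" "$demo/home755"
chmod 775 "$demo/home775"
chmod 755 "$demo/home755"
report "$demo/home775"
report "$demo/home755"
rm -rf "$demo"
```

With mode 775 the group can move files out but the directory is writable by someone other than the owner; with 755 the reverse holds, which is the conflict described in the first post.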

Guys, I missed the first line in the script:

#!/usr/bin/bash

Does it cause any problem.....?

And the application user was already added as a group of the FTP user account.

Then the shell type of this user was /bin/false;

to enable SFTP it was changed to /bin/ksh.

Hi jimbalaya

It works, but in the following way:

The one that you gave makes an entry, but when checking with getfacl it does not have the effective part, as:

# file: master
# owner: master
# group: adm
user::rwx
user:user:rwx #effective:---
group::--- #effective:---
mask:rwx
other:---

When I try with setfacl -m u:user:rwx,m:rwx /home/master

it gives:

# file: master
# owner: master
# group: adm
user::rwx
user:user:rwx #effective:rwx
group::--- #effective:---
mask:rwx
other:---

But here the problem was that when I grant the permission, the SFTP connection to the master account fails; it cannot connect using public keys...

It again points to the same problem mentioned in the first post....

I thought of doing some script correction to make this happen, or some other way to sort it out.......

Any one please do help.....

Any one please help ....

The setfacl can make the files move from the path, but the problem is that when it was done, SFTP was failing again..

Please help..

Any other alternatives...

Is the only solution scheduling the script under the root user??????

Please suggest ...

edit by bakunin: I suggest that you read the rules, which state that "bumping up questions" is forbidden. The problem you are trying to solve might be urgent to you. Firstly, we are not your helpdesk, and secondly, if you need a certain response time to be met, consider hiring a Unix expert instead of posting to forums.

You have been - officially - warned.