Hello,

For the access right ( including read / modify / delete ) problem of the bind service, does it really need the owner / group of named to run the program for it? So, we can't re-set the permission again?

Edward.

-------- Original Message --------
edwardspl@xxxxxxxxxx wrote:
> Les Mikesell wrote:
>
>> edwardspl@xxxxxxxxxx wrote:
>>
>>> Dear All,
>>>
>>> I want to know how to config the limitation ( permission ) from the
>>> following ?
>>>
>>> [svradmin@svr1 etc]$ pwd
>>> /usr/local/proftpd/etc
>>> [svradmin@svr1 etc]$ ls -l
>>> total 4
>>> -rw-r--r-- 1 root root 1894 Feb 20 00:22 proftpd.conf
>>> [svradmin@svr1 etc]$
>>>
>>> Only allow user root, svradmin and edward they can access to
>>> /usr/.local/proftpd/etc/ ( directory ) and read / modify the config
>>> file ( such as proftpd.conf ).
>>
>> Root automatically has full access and doesn't need special
>> consideration. One of the other users (svradmin) can be the owner and
>> have rwx permission. To allow access by additional users you can add
>> group rwx permission and put the users in the of the files. Having a
>> single other user is a slightly special case where you could give
>> edward's group to the file instead of the other way around. In any
>> case you need to be careful when creating new files to set the correct
>> group.
>>
> Hello,
>
> Do you mean (operation steps ) :
> chown -R svradmin.edward /usr/local/proftpd/etc
> chmod 660 /usr/local/proftpd/etc/proftpd.conf
>
> So, Only svradmin, edward and root user they can access to the directory
> and read / modify the file, right ?

Yes - you probably also want chmod 770 /usr/local/proftpd/etc if it doesn't have those modes already. Also, you need to check that this does not prevent the proftpd program from reading its own config file. I don't know if it runs as root at that point or not. If it runs with non-root permissions as it starts, you'll have to be sure it has permission. If there is no sensitive information there you could just allow 'other' read access.
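
The check suggested in the reply above (whether a non-root daemon can still read its config) can be made from the mode bits alone. The script below is an added example, not part of the thread: the function names are hypothetical, the tree is a constructed sample in a temporary directory, and it assumes the daemon account is neither the file's owner nor a member of its group.

```shell
#!/bin/sh
# Added example (not from the thread). Reports whether an account that is
# neither owner nor group member ("other"), such as a daemon that has dropped
# root, can read FILE given the mode bits on FILE and on its directories.

# has_other_bit PATH OCTAL: true when every bit in OCTAL is set on PATH.
has_other_bit() {
    [ -n "$(find "$1" -prune -perm -"$2" 2>/dev/null)" ]
}

# other_can_read FILE STOP_DIR: needs o+r on FILE and o+x on each directory
# from FILE's parent up to STOP_DIR. Prints the verdict; returns 1 if blocked.
other_can_read() {
    ocr_file=$1; ocr_stop=$2
    if ! has_other_bit "$ocr_file" 004; then
        echo "blocked: file lacks o+r"; return 1
    fi
    ocr_dir=$(dirname "$ocr_file")
    while :; do
        if ! has_other_bit "$ocr_dir" 001; then
            echo "blocked: directory $(basename "$ocr_dir") lacks o+x"; return 1
        fi
        if [ "$ocr_dir" = "$ocr_stop" ] || [ "$ocr_dir" = "/" ]; then break; fi
        ocr_dir=$(dirname "$ocr_dir")
    done
    echo "readable by other"
}

# Constructed sample tree in a temp directory, mirroring proftpd/etc/proftpd.conf.
make_demo_tree() {
    demo_base=$(mktemp -d) || return 1
    mkdir -p "$demo_base/proftpd/etc"
    : > "$demo_base/proftpd/etc/proftpd.conf"
    chmod 755 "$demo_base/proftpd"
    echo "$demo_base/proftpd"
}

# check_modes DIRMODE FILEMODE: apply the modes to the sample tree and report.
check_modes() {
    cm_root=$(make_demo_tree) || return 1
    chmod "$1" "$cm_root/etc"; chmod "$2" "$cm_root/etc/proftpd.conf"
    cm_rc=0; other_can_read "$cm_root/etc/proftpd.conf" "$cm_root" || cm_rc=$?
    rm -rf "$(dirname "$cm_root")"
    return "$cm_rc"
}

for modes in "755 644" "770 660" "770 664" "771 664"; do
    printf '%s: ' "$modes"; check_modes $modes || true
done
```

The third case shows that adding 'other' read on the file is not enough while the directory is 770: the directory also needs the 'other' search (x) bit, as in 771.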