incoming FTP files can't not be deleted.

[pluk]

In all cases, files inside a directory from an upload can not be deleted by domain admin. I have to use root to remove them. Any reason and any fix?

The following shows the directory "kiki Invitations NEW". I can not remove this directory and either the files within it.
Strangly, the same parameters of the file Techno CDN.pdf is same as the inside files.

PARENT FOLDER
drwxr-xr-x 2 nobody nobody 4096 May 10 09:12 Kiki Invitations NEW
-rw-r--r-- 1 nobody nobody 26358902 May 12 11:29 Techo CDN.pdf


FILES IN "kiki Invitations NEW" FOLDER
-rw-r--r-- 1 nobody nobody 317568 May 10 09:12 Arial.bin
-rw-r--r-- 1 nobody nobody 206971 May 10 09:12 Arial.sitx
-rw-r--r-- 1 nobody nobody 14600567 May 10 09:15 invitation_omen.psd

 

[dbeames]

Were these FTPd, or were they uploaded by http?

 

[pluk]

Uploaded by web clients (I think more like internet explorer)

 

[dbeames]

Right, but did they do it via a "form" on a page. Or did they goto the url: ftp://ftp.domain.com? If they uploaded it from a form, the files will have the the permissions and ownership of the httpd. In some cases is "nobody" and in others is "apache". You can run suPHP which will cause files uploaded by a php app to have the users rights of the domain. But don't know for apache (html).

 

[pluk]

Plain upload from browsers. No server forms nor PHP involved.

 

[dbeames]

So they went to: ftp://ftp.domain.com/ and then copied a file into the browser? This one has me confused.

 

[pluk]

cases from clients...

1) On Windows MS internet explorer, you can authenticate and drop a folder with files.

2) Another user uses MAC fetch and drops the folder

 

[dbeames]

And they are not logging in via "anonymous" or "[email protected]" right?

 

[pluk]

They are. (as I've instructed them to do so).

 

[dbeames]

Then thats why. Anytime a user logs in as anonymous, it sets the file ownership accordingly. It will be set to "nobody". Because "anonymous" isn't a username. If they were logging in as a user, it would create the files with the username.

 

[pluk]

I use the incoming so that my customers can put their files into there. So with nobody, it can not be deleted. It needs what so that it can be deleted by the domain admin?

 

[dbeames]

Its not possible to do what you want to do. The setting is in /etc/proftpd.conf. It is a GLOBAL setting. Meaning if you change it from "nobody" to "thisuser", then ANYONe on ANY DOMAIN that uploads a file as "anonymous" will have the rights set as "thisuser". Thats not good. What you need to do is:

Create an ftp account for everyone to use. On the "User Level" of that domain go to "FTP Management". Then click on "Create FTP account". Put in a username (everyone can share this if you wish) then put the password. Select the middle option "FTP", this will put the user into the "public_ftp" directory (just like if they were anonymous). Then they can cd to the incoming directory and upload files. This will upload files with the same ownership as the Domain owner. Thus allowing the domain owner to delete them.

 

[pluk]

I guess then I could block anonymous accounts.

 

[dbeames]

Yep. That makes it more secure anyway.

 

[pluk]

Thanks!