Freebsd Secondary Group not allowing folder deletion

unix permissions freebsd

TLDR: I have a user that is a member to a group as a secondary group. This user can delete files with 664 perms as a secondary user, but not directories with perms of 775.

Details: I have a user. Lets call him ftpuser. I use him to upload and download files to my devbox. The user's primary group is "ftp" and is also in the group "www" as a secondary group. My web server runs as user www and group www, and I have proftpd (running as www and www) configured to drop all files into the needed directories as www and www (for file ownership) and perms 664 on files and 775 on directories.

My problem is (tried with 2 ftp clients) the ftp client can delete the files, but not the folders. Filezilla returns 550 permission denied. The owner only can delete flag is not set, and I've triple checked the permissions and they are indeed 775.

Its driving me nuts to have to log into my server to manually delete folders every time. Some of the folders and files are created by 1 of my php scripts, but the permissions are getting set properly when I check the files' properties.

Directory and file creation works phenomenal. Can delete files, just not directories.

Freebsd 9.0 Running in VirtualBox (32bit all the way around) Proftpd (running as www and www) as ftp server (tried using both dreamweaver and filezilla as the clients) Basic amp setup (apache,mysql,and php).

Edit:

The parent folder was 755. I knew it would be something stupid simple and easily overlooked. I thought I set mass perms to 775 two directories up (apache22/data), but I musta made that directory after I set the perms. You learn something new everyday. Thanks!


Solution 1:

In order to remove a directory you must have write permissions on its parent. For example, given this directory:

drwxr-xr-x    3 owner  staff   102 Nov  5 22:00 .
drwxr-xr-x  160 owner  admin  5440 Nov  5 22:00 ..
drwxr-xr-x    2 owner  staff    68 Nov  5 22:00 foo

only owner can delete the directory foo (because only owner has write permission on the parent directory).

If you grant the staff group write permissions on the parent directory:

drwxrwxr-x    3 owner  staff   102 Nov  5 22:00 .
drwxr-xr-x  160 owner  admin  5440 Nov  5 22:00 ..
drwxr-xr-x    2 owner  staff    68 Nov  5 22:00 foo

then any member of the staff group can remove the directory foo.
Note however that in order to remove the directory they would need to be able to delete all of its contents as well, as you cannot remove a non-empty directory.

Solution 2:

The permission to delete a folder would be the permissions to "write" to the parent folder. What you are really doing is removing the "subfolder" entry in the parent folder. I'm guessing the parent folder doesn't have write permissions for the 'www' group.

Related

IIS 7.5 Missing Authorization Header
Postfix unable to create lock file, permission denied
Deploying Office 2013 via GPO
Tridion 2011 SP1 Core Service - expose to live server within PROD env
How could I determine which SMB client/session has a specific file open on a Server 2008R2 Windows file server?
links between switches for iSCSI
How to configure postfix and dovecot so that thunderbird can automatically find settings
Documentation For The "Other" ntp (HP/Epson Printing)
debian, diff, config default
Add system user to CentOS 6
Find current IOPS usage of EBS volume from my application on AWS EC2
Can I let my users create VM's as they wish?