Permissions of files uploaded through web client using LDAP

Questions dealing with specific FTP clients and Cerberus FTP Server.
Post Reply
DavidMattison
New User
Posts: 5
Joined: Tue Nov 06, 2012 4:51 am

Permissions of files uploaded through web client using LDAP

Post by DavidMattison » Tue Nov 06, 2012 5:20 am

Hi,

I've got a problem with the permissions of files being uploaded using the web client in a LDAP setup on a windows server. The uploaded files are being saved with individual permissions that only allow the user who uploaded them to view them, instead of inheriting permissions from the folder.

When files are uploaded using an SFTP client (filezilla), the uploaded files inherit the permissions of the folder, hence people with the correct windows group permissions can view those files.

Is there any way I can make the web client work in the same way as the ftp client is?

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: Permissions of files uploaded through web client using L

Post by Serin » Tue Nov 06, 2012 8:20 am

Hello David,

That's odd. The HTTP/S web client should write files under the same account and with the same permissions that an SFTP-uploaded file would get.

Only Active Directory authentication impersonates the logged in user and changes the file permissions. Otherwise, it's always the Cerberus service account reading and writing files. Are you certain you aren't using Active Directory authentication? If you write the same file to the same directory using an SFTP client, and then using the HTTP/S web client, using the same user account, are there any differences between file ownership and permissions?

DavidMattison
New User
Posts: 5
Joined: Tue Nov 06, 2012 4:51 am

Re: Permissions of files uploaded through web client using L

Post by DavidMattison » Wed Nov 07, 2012 11:38 am

Apologies, yes I am using Active Directory authentication.

I've attached a screenshot from the servers side, of the permissons of two identical pre-created folders with the correct permissions set, and I have uploaded an identical file to each them using the same user login account. One was uploaded through SFTP and the other (bottom) through the web client.

[link removed]

You can see the permissons of the top one (through filezilla) match the permissions of the folder they're saved in.

The bottom one's permissons (theough HTTPs) are quite different.
Last edited by DavidMattison on Thu Nov 22, 2012 10:16 am, edited 1 time in total.

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: Permissions of files uploaded through web client using L

Post by Serin » Tue Nov 13, 2012 7:55 pm

I think I understand what is happening.

Files uploaded using the HTTP/S client are first created in the temporary files directory for the user account. The file is then moved to the destination directory after the upload is completed. Because the file is created in the temporary files folder, the permissions for that file are inherited from that directory.

SFTP file are created directly in the directory they are destined for. That accounts for the difference.


Take a look at the temporary files folder and try modifying the default permissions for that folder to have the desired permissions.

DavidMattison
New User
Posts: 5
Joined: Tue Nov 06, 2012 4:51 am

Re: Permissions of files uploaded through web client using L

Post by DavidMattison » Fri Nov 16, 2012 4:01 am

Thanks Serin, that makes sense.

Would it be possible to set the temporary files folder dynamically for each upload, so that the correct permissions are applied each time?

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: Permissions of files uploaded through web client using L

Post by Serin » Fri Nov 16, 2012 10:03 am

Hello David,

It is not possible to set that folder dynamically.

DavidMattison
New User
Posts: 5
Joined: Tue Nov 06, 2012 4:51 am

Re: Permissions of files uploaded through web client using L

Post by DavidMattison » Mon Nov 19, 2012 10:54 am

Where is the temporary upload folder that I need to set the permissions on?

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: Permissions of files uploaded through web client using L

Post by Serin » Mon Nov 19, 2012 11:12 am

It would be the temporary files folder associated with the account of the AD user.

It really depends on the operating system and how your AD users and machine are setup. I could be:

C:\Users\%username%\AppData\Local\Temp

on Windows 2008 R2.



Cerberus queries the operating system for the temporary files folder for the logged in user.

DavidMattison
New User
Posts: 5
Joined: Tue Nov 06, 2012 4:51 am

Re: Permissions of files uploaded through web client using L

Post by DavidMattison » Thu Nov 22, 2012 10:15 am

The FTP users have never logged in to the server directly, so it looks like it was defaulting to Windows/Temp.

I've modified the permissions there, and those permissions are being carried accross to the uploaded docs.

Thanks.

Post Reply