
How do I set up an FTP user with access to web root using vsftpd?

I am currently setting up a website and I am trying to learn more about web servers on the way. I used shared hosting providers before, but this time I'd like to set up the server from scratch with a VPS. I installed a LAMP stack already and installed WordPress. Everything works so far except for updating WordPress automatically since it is asking for FTP access.

Therefore I installed vsftpd by following this tutorial. This also works accordingly.

The problem is that in the tutorial the FTP user has its dedicated files directory (/home/ftp_user/ftp/files), but I need to give the user access to the web root (/var/www/html/site) for WordPress performing the update.

I tried having the local_root point to /var/www/html

and I tried setting up a symlink like this

ln -s /var/www/html /home/ftp_user/ftp/files

but both ways do not work. When I try to connect, it says

vsftpd: refusing to run with writable root inside chroot()

What is the proper way to achieve this? Or would it be better to not use the /var/www/html location at all?

jost21

2 Answers


FTP does not follow symlinks for good reasons. Instead, you should use a bind-mount.

# Create mount directory below ftp/files
mkdir /home/ftp_user/ftp/files/www

# Mount
mount -o bind /var/www/html /home/ftp_user/ftp/files/www

Try if it works.

To make it permanent add this to /etc/fstab:

/var/www/html /home/ftp_user/ftp/files/www none defaults,bind 0 0

Be aware that unlike a symlink, if you delete the www-folder you will remove all the files in /var/www/html too.

pLumo
  • This solved one of my problems, but I still get the vsftpd: refusing to run with writable root inside chroot() error. However I could resolve that one by adding allow_writeable_chroot=YES to the vsftpd.conf file. I am not sure if it is secure to add that setting, but at least it works. – jost21 Feb 27 '19 at 23:13

The method described by RoVo works for me. But I think I had 2 issues at the beginning (chroot and the symlinks).

By adding allow_writeable_chroot=YES to the vsftpd.conf file, it now also works to point the local_root to /var/www/html

I am not sure if it is secure to add the allow_writeable_chroot=YES setting, but it was mentioned on multiple sites/blog posts, e.g.

To make the local_root work, I added this line to /etc/vsftpd.conf:

user_config_dir=/etc/vsftpd/vsftpd-user-conf

and created a file with the name of the FTP user in the folder /etc/vsftpd/vsftpd-user-conf/ with this content:

local_root=/var/www/html

Byte Commander
jost21
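
Added example, not part of either answer and not vsftpd's own code: a shell check for the two states discussed in this thread, a chroot root that triggers "refusing to run with writable root inside chroot()" and a config where allow_writeable_chroot=YES switches that check off. The function names are hypothetical, and treating any write bit on the chroot root as a failure is a deliberately conservative assumption that matches a `chmod a-w` root with writes confined to a subdirectory or bind mount.

```shell
#!/bin/sh
# Added example: audit a vsftpd chroot layout. Function names are hypothetical.

# conf_value FILE KEY -> print the last value assigned to KEY (vsftpd uses KEY=VALUE)
conf_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# has_write_bit DIR -> succeed if the owner, group or other write bit is set.
# Assumption: any write bit counts, which is stricter than checking one user.
has_write_bit() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        ??w*|?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# audit_chroot CONF CHROOT_ROOT -> print one verdict and return:
#   0  root not writable, override off (writes go to a subdirectory)
#   1  root has a write bit, override off (login will be refused)
#   2  allow_writeable_chroot is on (login works, check is disabled)
audit_chroot() {
    override=$(conf_value "$1" allow_writeable_chroot | tr 'a-z' 'A-Z')
    case "$override" in
        YES|TRUE|1)
            echo "WARN: allow_writeable_chroot is on; writable-root check disabled"
            return 2 ;;
    esac
    if has_write_bit "$2"; then
        echo "FAIL: $2 has a write bit; chmod a-w it and write in a subdirectory"
        return 1
    fi
    echo "OK: $2 is not writable; uploads belong in a subdirectory or bind mount"
    return 0
}

# Constructed demo: a throwaway directory stands in for /home/ftp_user/ftp.
demo=$(mktemp -d)
printf 'chroot_local_user=YES\n' > "$demo/vsftpd.conf"
mkdir "$demo/ftp"
chmod 755 "$demo/ftp"
audit_chroot "$demo/vsftpd.conf" "$demo/ftp" || true   # FAIL
chmod a-w "$demo/ftp"
audit_chroot "$demo/vsftpd.conf" "$demo/ftp" || true   # OK
rm -rf "$demo"
```

With the bind mount from the first answer, the directory to audit is the chroot root itself (for example /home/ftp_user/ftp), not the files/www mount point, which is meant to stay writable.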