0

I have a site called site1 located in /var/www/site1, and it is owned by www-data user. The group permission is belong www-data group.

The web server is Apache2. The FTP server is ProFTPD.

As we allow FTP for an external user called externalftpusr to FTP in.

How do I allow this FTP user to upload/change the file accordingly to this /var/www/site1 ?

So far, we did:

sudo chmod -a -G www-data externalftpusr

When we upload a file, we have this error on FTP client: 550 index.html: Permission denied

We prefer to keep www-data as user on ownership of the site.

I am appreciated your help.

Thanks

dcpartners
  • 101
  • Could you confirm the command you ran to add the FTP account to www-data? The one in your question is incomplete (which could explain why it didn’t work) – matigo Dec 05 '22 at 22:16
  • Sorry :) I modified the command already - chmod. Also when we ran: grep ^www-data /etc/group ... we can confirm that externalftpusr user on that group. – dcpartners Dec 05 '22 at 23:07
  • When adding a user account to a group, one would generally use usermod, as you are modifying a user account. It will also be important to confirm that the permissions on the directory match those of the files, ideally with a 755 or 775 (never use 777) – matigo Dec 05 '22 at 23:25
  • Probably a misconfiguration of vsftpd.conf please make sure the user has permission to do so – Utkarsh Chandra Srivastava Dec 05 '22 at 23:27
  • @matigo - I mean I've added to the right group for that user. Permission for all folders are 0755 whiles files 0644 – dcpartners Dec 06 '22 at 01:21
  • @UtkarshChandraSrivastava - We're using the ProFTPD server actually - look at the config and nothing really significant for this – dcpartners Dec 06 '22 at 01:23
  • 1
    Does this answer your question? How to avoid using sudo when working in /var/www? – muru Dec 06 '22 at 03:11
  • The permissions should be 775 to allow the group member user to write, and also you should use setgid to ensure group permissions are inherited when creating new files. – muru Dec 06 '22 at 03:12
  • @muru - Changed that to 775 and the FTP worked Ok for updating/adding/deleting files. Now, the problem is will this 775 be secure? Cause the Apache can execute via www-data group ?!?! Am I missing something here? – dcpartners Dec 06 '22 at 04:39
  • "Cause the Apache can execute via www-data group" I don't understand what that means. Execute what? Apache is already running as the www-data user, and your question says the files are owned by that user so it already has full permissions. – muru Dec 06 '22 at 04:44
  • @muru I thought the Apache running on the www-data group, not on the www-data user? Technically, I can create any user and set the ownership to let's say site1 user and assign into www-data group. – dcpartners Dec 06 '22 at 05:02
  • Unless you configured it differently, Apache on Ubuntu runs using the www-data user by default. – muru Dec 06 '22 at 05:07
  • @muru - sorry you are right. I run this ps aux | egrep '(apache|httpd)' and I found www-data as user. For allowing this externalftpusr updating files to via FTP, 775 looks the way to go. – dcpartners Dec 06 '22 at 05:17

0 Answers0