ProFTPD 553 Permission denied on server -------------------------------------------------------------------------------- I am a newbie trying to setup a LAMP server and I thought I had everything figured out until I tried to write files using FTP. When logged in under FTP using ProFTPD I get the error message 553 "Permission denied on server" error when trying to delete or overwrite files. I tried this with both the root and the new "www" user I created. I tried chmod 777 in for the /var/www folder, which didn't seem to help. I can log in through console and delete the same file with no problem. I am not sure if this is a configuration problem with ProFTPD or if it is a linux user problem where I just didn't set up the user right. Below is my proftpd.conf file. Ideally I'd like to have the www user dropped into the /var/www/ folder upon login and be able to modify files as necessary. Thanks for your help in advance!! Matt. # # /etc/proftpd.conf -- This is a basic ProFTPD configuration file. # To really apply changes reload proftpd after modifications. # ServerName "Streambox Linux" ServerType standalone DeferWelcome off MultilineRFC2228 on DefaultServer on ShowSymlinks on UseReverseDNS off IdentLookups off TimeoutNoTransfer 600 TimeoutStalled 600 TimeoutIdle 1200 DisplayLogin welcome.msg DisplayFirstChdir .message ListOptions "-l" DenyFilter \*.*/ # Uncomment this if you are using NIS or LDAP to retrieve passwords: #PersistentPasswd off # Uncomment this if you would use TLS module: #TLSEngine on # Uncomment this if you would use quota module: #Quotas on # Uncomment this if you would use ratio module: #Ratios on # Port 21 is the standard FTP port. Port 21 # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 30 # Set the user and group that the server normally runs at. User www Group www # Umask 022 is a good standard umask to prevent new files and dirs # (second parm) from being group and world writable. Umask 022 022 # Normally, we want files to be overwriteable. AllowOverwrite on # Delay engine reduces impact of the so-called Timing Attack described in # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 # It is on by default. #DelayEngine off # A basic anonymous configuration, no upload directories. # <Anonymous ~ftp> # User ftp # Group nogroup # # We want clients to be able to login with "anonymous" as well as "ftp" # UserAlias anonymous ftp # # Cosmetic changes, all files belongs to ftp user # DirFakeUser on ftp # DirFakeGroup on ftp # # RequireValidShell off # # # Limit the maximum number of anonymous logins # MaxClients 10 # # # We want 'welcome.msg' displayed at login, and '.message' displayed # # in each newly chdired directory. # DisplayLogin welcome.msg # DisplayFirstChdir .message # # # Limit WRITE everywhere in the anonymous chroot # <Directory *> # <Limit WRITE> # DenyAll # </Limit> # </Directory> # # # Uncomment this if you're brave. # # <Directory incoming> # # # Umask 022 is a good standard umask to prevent new files and dirs # # # (second parm) from being group and world writable. # # Umask 022 022 # # <Limit READ WRITE> # # DenyAll # # </Limit> # # <Limit STOR> # # AllowAll # # </Limit> # # </Directory> # # </Anonymous>
Which distribution do you use? What's the output of Code: ls -la /var and as which user are you logging in with FTP?
www@linux01:~$ ls -la /var total 56 drwxr-xr-x 14 root root 4096 2005-09-09 09:49 . drwxr-xr-x 22 root root 4096 2006-05-02 18:31 .. drwxr-xr-x 2 root root 4096 2006-05-24 06:25 backups drwxr-xr-x 7 root root 4096 2005-09-09 09:49 cache drwxr-xr-x 16 root root 4096 2006-02-01 13:57 lib drwxrwsr-x 2 root staff 4096 2005-03-31 11:09 local drwxrwxrwt 4 root root 4096 2006-05-29 14:29 lock drwxr-xr-x 9 root root 4096 2006-05-30 06:25 log drwxrwsr-x 2 root mail 4096 2005-12-01 16:07 mail drwxr-xr-x 2 root root 4096 2001-12-31 18:32 opt drwxr-xr-x 11 root root 4096 2006-05-29 14:34 run drwxr-xr-x 4 root root 4096 2001-12-31 18:32 spool drwxrwxrwt 2 root root 4096 2006-05-25 12:01 tmp drwxr-xr-x 26 root root 4096 2006-05-30 12:51 www
Is this a difficult question or did I post it wrong? Is it just too dumb of a question? I got no responses
Then replace Code: User www Group www with Code: User nobody Group npgroup in /etc/proftpd.conf. Also add Code: DefaultRoot ~ and restart Proftpd. Then create a new user and group, e.g. exampleuser and examplegroup, with /var/www as exampleuser's homedir. Then do this: Code: chown exampleuser:examplegroup /var/www Afterwards log in to FTP with the user exampleuser. You can't expect to get responses at once.
I followed this process and I am still getting the same error, weirly enough I can create files ok, I just can't delete/modify. ftp> pwd 257 "/home/www" is current directory. ftp> rm index.html 553 index.html: Permission denied on server. (Delete ftp> mkdir dkfjds 257 "/home/www/dkfjds" new directory created. ftp> rmdir dkfjds 553 dkfjds: Permission denied on server. (Delete) ftp>
root@linux01:/home/www # ls -al total 52 drwxrwxrwx 11 nobody 99 4096 2006-06-06 16:57 . drwxr-xr-x 11 root root 4096 2006-05-25 11:10 .. -rw------- 1 www www 868 2006-06-06 02:17 .bash_history drwxrwxrwx 2 nobody 99 4096 2003-08-27 17:01 bin drwxr-xr-x 2 www www 4096 2006-06-06 16:57 dkfjds drwxrwxrwx 2 nobody 99 4096 2003-05-05 15:59 doc drwxrwxrwx 2 nobody 99 4096 2002-06-21 14:28 help drwxr-xr-x 2 500 500 4096 2003-04-10 17:27 html drwxrwxrwx 2 nobody 99 4096 2003-05-01 17:25 images -rwxrwxrwx 1 nobody 99 62 2002-06-21 14:25 index.html drwxrwxrwx 2 nobody 99 4096 2002-06-21 14:34 logs drwxr-xr-x 2 nobody 99 4096 2002-06-22 07:19 Phone drwxrwxrwx 4 nobody 99 4096 2002-02-13 15:11 Reports root@linux01:/home/www #
I now have access to the /home/www directory. The problem is that I need "modify" access to the /var/www/ directory. root@linux01:/home/www # ls -al total 44 drwxrwxrwx 10 nobody 99 4096 2006-06-07 10:02 . drwxr-xr-x 11 root root 4096 2006-05-25 11:10 .. -rw------- 1 www www 868 2006-06-06 02:17 .bash_history drwxrwxrwx 2 nobody 99 4096 2003-08-27 17:01 bin drwxrwxrwx 2 nobody 99 4096 2003-05-05 15:59 doc drwxrwxrwx 2 nobody 99 4096 2002-06-21 14:28 help drwxr-xr-x 2 500 500 4096 2003-04-10 17:27 html drwxrwxrwx 2 nobody 99 4096 2003-05-01 17:25 images drwxrwxrwx 2 nobody 99 4096 2002-06-21 14:34 logs drwxr-xr-x 2 nobody 99 4096 2002-06-22 07:19 Phone drwxrwxrwx 4 nobody 99 4096 2002-02-13 15:11 Reports root@linux01:/home/www #
I do not know how to delete 99? I have a "group" file, but no "groups" file in /etc root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4: tty:x:5: disk:x:6: lp:x:7: mail:x:8: news:x:9: uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: dialout:x:20: fax:x:21: voice:x:22: cdrom:x:24: floppy:x:25: tape:x:26: sudo:x:27: audio:x:29: dip:x:30: www-data:x:33: backup:x:34: operator:x:37: list:x:38: irc:x:39: src:x:40: bin:x:2: sys:x:3: adm:x:4: tty:x:5: disk:x:6: lp:x:7: mail:x:8: news:x:9: uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: dialout:x:20: fax:x:21: voice:x:22: cdrom:x:24: floppy:x:25: tape:x:26: sudo:x:27: audio:x:29: dip:x:30: www-data:x:33: backup:x:34: operator:x:37: list:x:38: gnats:x:41: shadow:x:42: utmp:x:43: video:x:44: sasl:x:45: plugdev:x:46: staff:x:50: games:x:60: users:x:100: nogroup:x:65534: crontab:x:101: ssh:x:102: postfix:x:103: postdrop:x:104: syslog:x:105: klog:x:106: lpadmin:x:107: scanner:x:108: admin:x:109:matt,alex matt:x:1001: mysql:x:110: alex:x:1002: ntp:x:111: lance:x:1000: nogroup:!:201: ftp:x:23: matthew:x:1003: www:x:1004:
