FTP User permissions

Discussion in 'Installation/Configuration' started by tortib, Sep 2, 2014.

  1. tortib

    tortib Member

    Hello,

    I'm trying to figure out how I can have the permissions on /var/www (I'm running ubuntu 14.04) be 750 and still have my FTP users be able to read/write to the /var/www/clients/client0/web3/ dir. Currently if I set the /var/www dir to 750 I'm not able to list files with FTP. Thank you for your assistance.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    you cant access all folders with one ftp user as each website is run under a different ftp user.
     
  3. tortib

    tortib Member

    Hello till.

    Which user does it run as because I want to restrict my normal shell uers who login with ssh from being able to view the contents of /var/www. Like I said if I chmod 755 -R /var/www it makes the folder writeable and readable by the ftp user. How can I achieve this?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The FTP user is run under the same user then the shell of the respective website.

    e.g. on web1, the user is web1, on web2, the user is web2 etc.

    Ok, thats not related to FTP user permisions at all. If you want to restrict your shell users, then you have to create them as chrooted shell accounts.
     
  5. tortib

    tortib Member

    No these will be separate accounts from the ISPConfig3 config system, just normal shell accounts on the system that I add manually for some people I know. I want to be able to restrict all other users except the standard FTP users and shell users from accessing their web dirs. That's why I was trying to chmod the dir(s) to 750.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Btw. Never try to run this command:

    it will destroy the setup in a way that ist completely insecure and it can only be fixed by restorng a full backup of /var/www or a complete reinstall. So never run this command if yu want to be able to further use your server securely. The above command opens up the ability that every user of your server and every script can hack all other sites, so thats really bad.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    This cant work. If you want to restrict your normal shell users, then add jails for them.
     
  8. tortib

    tortib Member

    I guess I'm a tad confused, how can the user not be able to read/write to their own dir when they login with FTP when I chmod 750 -R /var/www but if I chmod 755 -R /var/www listing and writing works? 5 is only write and execute permissions...
     
  9. tortib

    tortib Member

    I found a solution, I'm just going to place the normal system ssh users in the group users, chgrp -R users /var/www and then chmod 2705 -R /var/www.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    you are warae that all websites of your system are in /var/www and that they have different and much stricter permissions then 755 or 75o. by running a chmod -R you set these permission recursively and destry the fine tuned permissions etup of all websites.
     

Share This Page