ProFTPd Permissions

Discussion in 'Server Operation' started by CarbonCopy, May 1, 2009.

  1. CarbonCopy

    CarbonCopy New Member

    I've installed ProFTPd with MySQL support and have a working setup. My virtual users' home directories are /home/vftp/domain.tld/username. The home directory is owned by ftpuser:ftpgroup with file permissions dr-x------ so that the user may not write files in the directory. Inside the home directory I have symlinks owned by root that point to /www/domain1.tld and every other domain I want the user to have access to. All folders in /www/ have permissions of 777 and are owned by apache:apache so that apache can write log files and temp files in each directory (PHP has open_basedir in effect). The 777 permissions are so my ftp users can write files inside these directories, which works fine.

    The ProFTPd umask is 022.

    Any way I can do this so apache and ftpuser have access to the directory without chmodding 777?

    Any way to prevent users from chmodding something as executable?

    Any other things I should change?
     
    Last edited: May 2, 2009
  2. falko

    falko Super Moderator ISPConfig Developer

    You can either make the Apache user a member of the ftpgroup or the other way round. That way, permissions of 775 should work.

    Users cannot chmod files if they don't own them or are members of the group.
     
  3. CarbonCopy

    CarbonCopy New Member

    I added ftpuser to group apache, and groups ftpuser confirms this. However, I can no longer create or delete files with FTP. I chmodded everything to 775.

    Code:
    Command:	DELE test.html
    Response:	550 test.html: Operation not permitted
    
    test.html is owned by ftpuser:ftpgroup and has the permissions 777, but I cannot delete it.
     
    Last edited: May 2, 2009
  4. falko

    falko Super Moderator ISPConfig Developer

    What are the permissions and ownerships of the directory that contains test.html?
     
  5. CarbonCopy

    CarbonCopy New Member

    The directory is /www/domain.tld and is chmodded to 775 with the owner apache:apache.
     
  6. falko

    falko Super Moderator ISPConfig Developer

    And ftpuser is a member of the group apache? Have you tried to restart ProFTPd?
     
  7. CarbonCopy

    CarbonCopy New Member

    Code:
    [root]/etc # groups ftpuser
    ftpuser : ftpgroup apache
    
    Yes, I've tried restarting the proftpd daemon.

    With the owner apache:apache on /www/domain.tld and the permissions 775, I get permission denied for everything. My Virtual FTP user's home directory is /home/vftp/domain.tld/<user> with a symlink to /www/domain.tld and the VRoot Engine is on to allow this.

    EDIT:

    I just tried something new. I set the owner to apache:ftpgroup and permissions 775 and it works fine. Will ProFTPd or Apache have issues with this? Because right now ProFTPd and Apache should both have full access to the directory.

    Also, would it hurt to chmod the directory to 770?
     
    Last edited: May 5, 2009
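
The permission checks at issue in this thread, modelled as an added example (not code from any poster or from ProFTPD): whether a delete succeeds depends on the containing directory's owner, group and mode and on the groups the running session actually holds, not on the file's own mode. The numeric ids and the `Proc`, `Node`, `PROCS` and `LAYOUTS` names are constructed for illustration.

```python
import stat
from collections import namedtuple

# Constructed numeric ids standing in for the accounts named in the thread.
APACHE, FTPUSER, STRANGER = 48, 2001, 3000          # uids
G_APACHE, G_FTPGROUP, G_STRANGER = 48, 2001, 3000   # gids

Proc = namedtuple("Proc", "uid gids")    # gids: every group the running process holds
Node = namedtuple("Node", "uid gid mode")

def perm_bits(proc, node):
    """rwx triplet applied to proc: owner class first, then group, then other."""
    if proc.uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in proc.gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def can_unlink(proc, parent, target):
    """Deleting needs write+search (w and x) on the parent directory, not on the file."""
    if proc.uid == 0:
        return True
    if perm_bits(proc, parent) & 0o3 != 0o3:
        return False
    # In a sticky directory only the file's or the directory's owner may delete.
    if parent.mode & stat.S_ISVTX and proc.uid not in (target.uid, parent.uid):
        return False
    return True

TEST_HTML = Node(FTPUSER, G_FTPGROUP, 0o777)
PROCS = {
    "ftp (ftpgroup only)": Proc(FTPUSER, {G_FTPGROUP}),
    "ftp (ftpgroup+apache)": Proc(FTPUSER, {G_FTPGROUP, G_APACHE}),
    "apache": Proc(APACHE, {G_APACHE}),
    "unrelated local user": Proc(STRANGER, {G_STRANGER}),
}
LAYOUTS = {
    "apache:apache 775": Node(APACHE, G_APACHE, 0o775),
    "apache:ftpgroup 775": Node(APACHE, G_FTPGROUP, 0o775),
    "apache:ftpgroup 770": Node(APACHE, G_FTPGROUP, 0o770),
    "apache:apache 777": Node(APACHE, G_APACHE, 0o777),
}

def who_can_delete(layout):
    parent = LAYOUTS[layout]
    return {name: can_unlink(p, parent, TEST_HTML) for name, p in PROCS.items()}

if __name__ == "__main__":
    for layout in LAYOUTS:
        print(layout, who_can_delete(layout))
```

In this model 777 is the only layout where the unrelated local user can delete test.html; 770 leaves apache and the ftpgroup session with the same access as 775 while other local accounts lose read and traversal as well.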
