I need to access my Client|web folder using their respective FTP/SSH username and password, without giving access to other clients and web folders. This is my very big problem, let me explain in detail.

I migrated my Laravel application from cPanel via wget to AWS EC2. Then I extracted it into the respective Client|Web folder as the root user. Permission 0755 and Owner/Group 5499/5500 and 5009/5008.

Initially I tried to access it using FileZilla (Windows 64-bit) with the following setup:

    Protocol: FTP
    Encryption: Use explicit FTP over TLS if available
    Logon type: Normal
    User: Myuser
    Password: Mypassword
    Transfer Mode: Default

I am getting the following:

    Status: Resolving address of app.insta-redeem.in
    Status: Connecting to My-AWS-elastic-IP:21...
    Status: Connection established, waiting for welcome message...
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 1 of 50 allowed.
    Response: 220-Local time is now 13:32. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Command: AUTH TLS
    Error: Connection timed out after 20 seconds of inactivity
    Error: Could not connect to server
    Status: Waiting to retry...

Then I used the following setup temporarily (but I am still using only this insecure way):

    Protocol: FTP
    Encryption: Only use plain FTP (insecure)
    Logon type: Normal
    User: Myuser
    Password: Mypassword
    Transfer Mode: Passive

Now the server is connected and I can access the web folder, but I am unable to make any changes. I am getting the following:

    Response: 550 Could not delete new.txt: Permission denied

When I connect as the root user I am unable to access the web folder. If I change the file permission to 0777 I can access these files. Currently my application runtime folder is 777, which is very dangerous.

I tried to log in by creating an SSH user. While creating the SSH user I didn't give any key.
I don't know how to use SSH properly.
You will have to fix your file/directory permissions as root from the CLI. You said you used numeric user/group IDs above, so maybe verify that those are correct for the web# user and client# group that the site belongs to. You might create a new test website to see how the ownership/permissions are set. Also ensure you have suexec enabled in your site settings with php-fpm mode. It seems like Laravel had some permissions and directory structure required; I'm not familiar with it, but search the forums here for more info.

With a shell user you can work from the CLI once you ssh to the server, but you will have to fix ownership and permissions as root first if they are incorrect. Also, with a shell user you can connect with sftp, which is purely a file access protocol like ftp, and is supported by many ftp clients (and easier to set up than ftp). For security, ensure you have jailkit installed and that you create your ssh users using a chroot jail.
I found these:

    admin@server1:~$ sudo ls -l /var/www/clients/client1/web14/web/admin
    total 552
    -rw-r--r-- 1 4702 4707 13864 Feb 24 09:19 academic.php
    -rw-r--r-- 1 4702 4707 7780 Feb 24 09:35 academic11create.php
    -rw-r--r-- 1 4702 4707 5859 Feb 24 09:36 academic11delete.php
    -rw-r--r-- 1 4702 4707 6340 Feb 24 09:37 academic11read.php
    -rw-r--r-- 1 4702 4707 9872 Feb 24 09:42 academic11update.php
    -rw-r--r-- 1 4702 4707 7779 Feb 24 09:44 academic12create.php
    -rw-r--r-- 1 4702 4707 5858 Feb 24 09:58 academic12delete.php
    -rw-r--r-- 1 4702 4707 6385 Feb 24 09:57 academic12read.php
    -rw-r--r-- 1 4702 4707 9872 Feb 24 09:58 academic12update.php
    -rw-r--r-- 1 4702 4707 491 May 20 14:07 config.php
    -rw-r--r-- 1 4702 4707 7778 Feb 24 09:31 create.php
    drwxr-xr-x 2 4702 4707 4096 Feb 12 04:53 css
    -rw-r--r-- 1 4702 4707 5380 Mar 5 09:59 dashboard.php
    -rw-r--r-- 1 4702 4707 343 Feb 12 08:57 dbConfig.php
    -rw-r--r-- 1 4702 4707 5861 Feb 24 09:49 delete.php
    -rw-r--r-- 1 4702 4707 940 Feb 5 02:42 error.php
    drwxr-xr-x 5 4702 4707 4096 Feb 11 04:04 fonts
    -rw-r--r-- 1 4702 4707 5638 Feb 24 10:01 galleryindex.php
    -rw-r--r-- 1 4702 4707 833 Feb 21 06:18 galleryupload.php
    drwxr-xr-x 17 4702 4707 4096 Feb 11 04:04 images
    -rw-r--r-- 1 4702 4707 8165 Feb 21 07:02 index.php

AND

    admin@server1:~$ cat /etc/group |cut -d: -f1
    root
    {......other groups...}
    client2
    client3
    client1
    client4
    client0

AND

    admin@server1:~$ groups
    admin adm dialout cdrom floppy sudo audio dip video plugdev netdev

In the above I couldn't find ISPConfig groups.
    admin@server1:~$ sudo ls -l /var/www/clients/client1/web22/web/
    total 24
    drwxr-xr-x 2 web22 client1 4096 May 20 15:37 error
    -rwxr-xr-- 1 web22 client1 7358 May 20 15:37 favicon.ico
    -rwxr-xr-- 1 web22 client1 1861 May 20 15:37 index.html
    -rwxr-xr-- 1 web22 client1 14 May 20 15:37 robots.txt
    drwxr-xr-x 2 web22 client1 4096 May 20 15:37 stats

I have created this in php-fpm mode. Previously it was suexec enabled with php-cgi mode; now I have changed it to suexec enabled with php-fpm mode. When I try to open it, it redirects to another domain hosted on the same server, due to Let's Encrypt. Now how do I resolve this issue?
https://www.howtoforge.com/community/threads/wrong-site-for-given-url.79058/#post-373990
https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
So here, instead of user 4702 and group 4707, you should set to user web14 and group client1. The groups are just what you printed, client1, client2, client3, etc. There you go, use that as an example to base your chmod/chown's on. It should work in either mode, with php-fpm being preferred.
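Added example, not part of any post in this thread: a read-only shell check for the two problems discussed above, paths that do not belong to the site's web user and client group (including bare numeric IDs left over from a migration) and paths left world-writable by a 0777 workaround. The function name `audit_webroot` and the ORPHAN/OWNER/WORLD labels are made up for this example; `web14`, `client1` and the path are the ones from the thread.

```shell
#!/bin/sh
# Added example: read-only audit of an ISPConfig-style web root.
# audit_webroot, its arguments and the ORPHAN/OWNER/WORLD labels are
# names made up for this example.
#
# usage: audit_webroot DIR USER GROUP
#   ORPHAN path  owner or group ID has no passwd/group entry
#                (ls -l shows bare numbers such as 4702 4707)
#   OWNER path   not owned by USER:GROUP
#   WORLD path   writable by everyone (result of chmod 0777)
audit_webroot() {
    dir=$1 user=$2 group=$3
    find "$dir" \( -nouser -o -nogroup \) -print | sed 's/^/ORPHAN /'
    find "$dir" \( ! -user "$user" -o ! -group "$group" \) -print | sed 's/^/OWNER /'
    # Symlinks always show mode 777, so they are skipped here.
    find "$dir" ! -type l -perm -0002 -print | sed 's/^/WORLD /'
}

# Run directly, e.g. as root:
#   sh audit.sh /var/www/clients/client1/web14/web web14 client1
if [ "$#" -eq 3 ]; then
    audit_webroot "$1" "$2" "$3"
fi
```

An empty result means every path under the directory is owned by the given user and group and none is world-writable.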
Thank you Jesse, issue resolved. I did as follows:

    chown -R web14:client1 /var/www/clients/client1/web14/web

Thank you to all who spent time to fix this. But it is still connecting only via plain FTP. Is there any way to change to TLS?
Try to read and follow the Perfect Server Tutorial for your OS with regard to using TLS, as it normally does cover how to secure your pure-ftpd-mysql with TLS.