ProFTPd Permissions


CarbonCopy
1st May 2009, 23:03
I've installed ProFTPd with MySQL support and have a working setup. My virtual users' home directories are /home/vftp/domain.tld/username. The home directory is owned by ftpuser:ftpgroup with file permissions dr-x------ so that the user may not write files in the directory. Inside the home directory I have symlinks owned by root that point to /www/domain1.tld and every other domain I want the user to have access to. All folders in /www/ have permissions of 777 and are owned by apache:apache so that apache can write log files and temp files in each directory (PHP has open_basedir in effect). The 777 permissions are so my ftp users can write files inside these directories, which works fine.

The ProFTPd umask is 022.

Any way I can do this so apache and ftpuser have access to the directory without chmodding 777?

Any way to prevent users from chmodding something as executable?

Any other things I should change?

falko
2nd May 2009, 21:38
You can either make the Apache user a member of the ftpgroup or the other way round. That way, permissions of 775 should work.

Users cannot chmod files if they don't own them or are members of the group.

CarbonCopy
2nd May 2009, 22:30
I added ftpuser to group apache, and groups ftpuser confirms this. However, I can no longer create or delete files with FTP. I chmodded everything to 775.


Command: DELE test.html
Response: 550 test.html: Operation not permitted


test.html is owned by ftpuser:ftpgroup and has the permissions 777, but I cannot delete it.

falko
3rd May 2009, 18:38
What are the permissions and ownerships of the directory that contains test.html?

CarbonCopy
3rd May 2009, 18:54
The directory is /www/domain.tld and is chmodded to 775 with the owner apache:apache.

falko
4th May 2009, 12:29
And ftpuser is a member of the group apache? Have you tried to restart ProFTPd?

CarbonCopy
5th May 2009, 01:18
[root]/etc # groups ftpuser
ftpuser : ftpgroup apache


Yes, I've tried restarting the proftpd daemon.

With the owner apache:apache on /www/domain.tld and the permissions 775, I get permission denied for everything. My Virtual FTP user's home directory is /home/vftp/domain.tld/<user> with a symlink to /www/domain.tld and the VRoot Engine is on to allow this.

EDIT:

I just tried something new. I set the owner to apache:ftpgroup and permissions 775 and it works fine. Will ProFTPd or Apache have issues with this? Because right now ProFTPd and Apache should both have full access to the directory.

Also, would it hurt to chmod the directory to 770?
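
Added example (not part of any post in this thread): a small model of the POSIX owner/group/other check applied to the three directory layouts discussed above, showing who can create or delete entries under each and what 770 takes away from everyone else. The numeric ids are constructed, and it assumes the FTP session's group set contains only ftpgroup, which is consistent with the denial reported for apache:apache 775; root and the sticky bit are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Creds:
    uid: int
    gid: int
    groups: frozenset = frozenset()  # supplementary groups of the process

@dataclass(frozen=True)
class Directory:
    owner: int
    group: int
    mode: int

def class_bits(c: Creds, d: Directory) -> int:
    """rwx triplet applied to a non-root process: owner, else group, else
    other. Exactly one class is used; there is no fall-through."""
    if c.uid == d.owner:
        return (d.mode >> 6) & 0o7
    if d.group == c.gid or d.group in c.groups:
        return (d.mode >> 3) & 0o7
    return d.mode & 0o7

def can_modify_entries(c: Creds, d: Directory) -> bool:
    """Creating or deleting a name needs write and search (w+x) on the directory."""
    return class_bits(c, d) & 0o3 == 0o3

# Constructed numeric ids; the real values on the poster's system are not shown.
APACHE, FTPUSER, FTPGROUP, STRANGER = 48, 2001, 2001, 3000
apache = Creds(uid=APACHE, gid=APACHE)
# Assumption: the FTP session's group set is just ftpgroup.
ftp_session = Creds(uid=FTPUSER, gid=FTPGROUP)
# Hypothetical session that does carry apache as a supplementary group.
ftp_with_apache_group = Creds(uid=FTPUSER, gid=FTPGROUP, groups=frozenset({APACHE}))
other_user = Creds(uid=STRANGER, gid=STRANGER)

def report():
    layouts = {
        "apache:apache 775": Directory(APACHE, APACHE, 0o775),
        "apache:ftpgroup 775": Directory(APACHE, FTPGROUP, 0o775),
        "apache:ftpgroup 770": Directory(APACHE, FTPGROUP, 0o770),
    }
    who = {"apache": apache, "ftp": ftp_session,
           "ftp+apache": ftp_with_apache_group, "other": other_user}
    return {name: {w: (can_modify_entries(c, d), class_bits(c, d))
                   for w, c in who.items()} for name, d in layouts.items()}

if __name__ == "__main__":
    for name, row in report().items():
        print(name, {w: (ok, oct(bits)) for w, (ok, bits) in row.items()})
```

In this model, apache:ftpgroup gives apache access through the owner bits and the FTP session through the group bits, and going from 775 to 770 only changes the "other" class from r-x to no access.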