HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)
-   -   550 Can't create directory: Permission denied (http://www.howtoforge.com/forums/showthread.php?t=61679)

Whax 1st May 2013 13:44

550 Can't create directory: Permission denied
 
Hello,

I have the same problem as many users. I cannot upload or create anything in the ftp root's directory.

After searching in the forum about my problem, I found these topic :

http://www.howtoforge.com/forums/showthread.php?t=61560

To test, I created a new website but I still have the problem

I used resync tool too, my server server was rebooted too, but I still have the problem.

Any suggestion?

Thanks for support,

Whax

till 1st May 2013 15:37

Quote:

I have the same problem as many users. I cannot upload or create anything in the ftp root's directory.
Thats correct and the intended behaviour. FTP users may not upload anything to the website root directory.

Website files have to be uploaded to the "web" directory and thats possible with the ftp user. If you want to upload files by FTP that shall not be visible in the website, then they have to be uploaded into the private folder of the site.

Whax 1st May 2013 16:11

Quote:

Originally Posted by till (Post 296569)
Website files have to be uploaded to the "web" directory and thats possible with the ftp user. If you want to upload files by FTP that shall not be visible in the website, then they have to be uploaded into the private folder of the site.

That's not correct. Moderns frameworks like laravel, fuelphp or symfony example need to put some data outside the document root.

Is there a way to prevent this?

Thanks for support.

WhaX

till 1st May 2013 16:18

You can put data outside of the docroot into the private folder if your framework requires that. If the web root folder would be writable by the ftp user, then your clients would be able to make apache fail by renaming folders like web.

Whax 1st May 2013 16:45

If I do that I must hack the framework to work with the private directory by changing all paths.

This is not the good way if I choose to update the framework later.

This limitation wasn't on previous ispconfig versions :/

Clients can be stupid I know, but there is not the case most of times, and I'm here to fix that ;)

till 1st May 2013 16:51

There was a bug in previous versions which allowed uploads to the web root and thats fixed now. A client which is able to rename the web folder is not only able to bring down his own site, apache is not fault tolerant regarding vhost paths so the whole server with all sites and the ispconfig controlpsnel will be down in that case.

I will consider to add a option in future versions to allow modifications in the web root folder but everyone should be aware that this option can not be used on servers that allow ftp access by clients.

Whax 1st May 2013 18:00

Thanks for you reply.

So If i don't want to hack the framework could it be a good way to move the vhost root directory to web/public?

Thanks.

WhaX

till 1st May 2013 18:22

Quote:

So If i don't want to hack the framework could it be a good way to move the vhost directory to web/public?
Thats one option that I considered for the next release to allow a subfolder for web as vhost docroot on the options tab. But it will bring back the issue that I described above, as soon as someone renames the public folder on the server, all websites on that server will fail. So if we add such a config options, then thats nothing that a ISP which hosts clients on the serverw ill be able to use.

There is no real solution for the issue, as long as apache has no function to exclude a single vhost when a docroot directory does not exist instead of the current behaviour which stops all sites in such a case.

orasis 12th May 2013 09:06

Hi I was just wondering, tll, can't you just deny rename/delete on sensitive directories such as 'web' etc ? Although the 'private' directory idea is fine to my view, everybody is forced to be more tidy from now on.

by the way, congratulations for the new version, it brought some features I always wanted. keep it up guys.

till 12th May 2013 16:38

The only way that i found till now to deny the rename and delete of folders by the web user that are owned by the web user is to use the immutable attribute on the root folder.

If someone knows a trick how to achieve that without blocking the web root, please let mo know :)


All times are GMT +2. The time now is 11:35.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.