550 Can't create directory: Permission denied

Discussion in 'General' started by Whax, May 1, 2013.

  1. Whax

    Whax New Member

    Hello,

    I have the same problem as many users. I cannot upload or create anything in the ftp root's directory.

    After searching in the forum about my problem, I found these topic :

    http://www.howtoforge.com/forums/showthread.php?t=61560

    To test, I created a new website but I still have the problem

    I used resync tool too, my server server was rebooted too, but I still have the problem.

    Any suggestion?

    Thanks for support,

    Whax
     
    Last edited: May 1, 2013
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats correct and the intended behaviour. FTP users may not upload anything to the website root directory.

    Website files have to be uploaded to the "web" directory and thats possible with the ftp user. If you want to upload files by FTP that shall not be visible in the website, then they have to be uploaded into the private folder of the site.
     
    Last edited: May 1, 2013
  3. Whax

    Whax New Member

    That's not correct. Moderns frameworks like laravel, fuelphp or symfony example need to put some data outside the document root.

    Is there a way to prevent this?

    Thanks for support.

    WhaX
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You can put data outside of the docroot into the private folder if your framework requires that. If the web root folder would be writable by the ftp user, then your clients would be able to make apache fail by renaming folders like web.
     
  5. Whax

    Whax New Member

    If I do that I must hack the framework to work with the private directory by changing all paths.

    This is not the good way if I choose to update the framework later.

    This limitation wasn't on previous ispconfig versions :/

    Clients can be stupid I know, but there is not the case most of times, and I'm here to fix that ;)
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    There was a bug in previous versions which allowed uploads to the web root and thats fixed now. A client which is able to rename the web folder is not only able to bring down his own site, apache is not fault tolerant regarding vhost paths so the whole server with all sites and the ispconfig controlpsnel will be down in that case.

    I will consider to add a option in future versions to allow modifications in the web root folder but everyone should be aware that this option can not be used on servers that allow ftp access by clients.
     
  7. Whax

    Whax New Member

    Thanks for you reply.

    So If i don't want to hack the framework could it be a good way to move the vhost root directory to web/public?

    Thanks.

    WhaX
     
    Last edited: May 1, 2013
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats one option that I considered for the next release to allow a subfolder for web as vhost docroot on the options tab. But it will bring back the issue that I described above, as soon as someone renames the public folder on the server, all websites on that server will fail. So if we add such a config options, then thats nothing that a ISP which hosts clients on the serverw ill be able to use.

    There is no real solution for the issue, as long as apache has no function to exclude a single vhost when a docroot directory does not exist instead of the current behaviour which stops all sites in such a case.
     
    Last edited: May 1, 2013
  9. orasis

    orasis Member

    Hi I was just wondering, tll, can't you just deny rename/delete on sensitive directories such as 'web' etc ? Although the 'private' directory idea is fine to my view, everybody is forced to be more tidy from now on.

    by the way, congratulations for the new version, it brought some features I always wanted. keep it up guys.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    The only way that i found till now to deny the rename and delete of folders by the web user that are owned by the web user is to use the immutable attribute on the root folder.

    If someone knows a trick how to achieve that without blocking the web root, please let mo know :)
     
  11. orasis

    orasis Member

    great work GREAT WORK ! :)
     

Share This Page