Ftp file permisions chown ftpuser:ftpgroup

Discussion in 'HOWTO-Related Questions' started by Webspot, Jan 18, 2007.

  1. Webspot

    Webspot New Member

    Hi
    i have tried to solve this by myself searhing through a few forum posts but no luck.
    I did come across a reply from falko about changing permisions form apache to ftpuser:ftp group by using the following command

    chown ftpuser:ftpgroup /var/www/web1/
    chown -R ftpuser:ftpgroup /var/www/web1/
    but i get for both commands

    chown: `ftpuser:ftpgroup': invalid user

    previously i aplyed
    chown -R -v -f www-data:www-data web/*

    which i got from the joomla_ispconfig tutorial making it writable for apache
    but i think that needs to be changed.

    my /etc/proftpd.conf is as follows
    Code:
    # /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
    # To really apply changes reload proftpd after modifications.
    #
    
    ServerName                      "Debian"
    ServerType                      standalone
    DeferWelcome                    off
    
    MultilineRFC2228                on
    DefaultServer                   on
    ShowSymlinks                    on
    
    TimeoutNoTransfer               600
    TimeoutStalled                  600
    TimeoutIdle                     1200
    
    DisplayLogin                    welcome.msg
    DisplayFirstChdir               .message
    ListOptions                     "-l"
    
    DenyFilter                      \*.*/
    
    # Uncomment this if you are using NIS or LDAP to retrieve passwords:
    #PersistentPasswd               off
    
    # Uncomment this if you would use TLS module:
    #TLSEngine                      on
    
    # Uncomment this if you would use quota module:
    #Quotas                         on
    
    # Uncomment this if you would use ratio module:
    #Ratios                         on
    
    # Port 21 is the standard FTP port.
    Port                            21
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances                    30
    
    # Set the user and group that the server normally runs at.
    User                            nobody
    Group                           nogroup
    
    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask                           022  022
    # Normally, we want files to be overwriteable.
    AllowOverwrite                  on
    
    # Delay engine reduces impact of the so-called Timing Attack described in
    # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
    # It is on by default.
    #DelayEngine                    off
    
    # A basic anonymous configuration, no upload directories.
    
    # <Anonymous ~ftp>
    #   User                                ftp
    #   Group                               nogroup
    #   # We want clients to be able to login with "anonymous" as well as "ftp"
    #   UserAlias                   anonymous ftp
    #   # Cosmetic changes, all files belongs to ftp user
    #   DirFakeUser on ftp
    #   DirFakeGroup on ftp
    #
    #   RequireValidShell           off
    #
    #   # Limit the maximum number of anonymous logins
    #   MaxClients                  10
    #
    #   # We want 'welcome.msg' displayed at login, and '.message' displayed
    #   # in each newly chdired directory.
    #   DisplayLogin                        welcome.msg
    #   DisplayFirstChdir           .message
    #
    #   # Limit WRITE everywhere in the anonymous chroot
    #   <Directory *>
    #     <Limit WRITE>
    #       DenyAll
    #     </Limit>
    #   </Directory>
    #
    #   # Uncomment this if you're brave.
    #   # <Directory incoming>
    #   #   # Umask 022 is a good standard umask to prevent new files and dirs
    #   #   # (second parm) from being group and world writable.
    #   #   Umask                           022  022
    #   #            <Limit READ WRITE>
    #   #            DenyAll
    #   #            </Limit>
    #   #            <Limit STOR>
    #   #            AllowAll
    #   #            </Limit>
    #   # </Directory>
    #
    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server ready."
    # </Anonymous>
    
    
    Include /etc/proftpd_ispconfig.conf
    
    could some one please give me the steps id need to take to change this?

    thx
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You must replace ftpuser with the admin username of this website and ftpgroup with the name of the group of the website.
     
  3. Webspot

    Webspot New Member

    Site runs under admin group

    would i be changing the /etc/proftpd.conf file in the following section

    # Set the user and group that the server normally runs at.
    User nobody
    Group nogroup

    to

    # Set the user and group that the server normally runs at.
    User admin-user-name
    Group admin

    or is there a set of commands i should run ?
    this my 4th day on linux so not sure how to do command type changes.

    Thx
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you use ISPConfig?
     
  5. Webspot

    Webspot New Member

    yes
    and everythign is working fine apart from the file permisions for users FTP
    they are all set to www-data making it hard for me to chnage any files in a websites directory when im accesing it via ftp.

    In ISPConfig i only have made 1 client which is me
    added 1 websites which is working fine
    and added 1 administative user

    should i have perhaps set myself up as a ressler first ?
     
  6. falko

    falko Super Moderator ISPConfig Developer

    No, don't change your Proftpd configuration.

    What's the username of that web site's admin user?
     
  7. Webspot

    Webspot New Member

    user name is webregister
     
  8. Webspot

    Webspot New Member

    I corrected permissions for ftp so the admin of the website has ownership for all files by running

    chown -R -v -f (admin_account_username):www-data web/*

    that made all existing files to be have administrator control
    but anytime i upload any form of component or module for joomla within joomla

    the ftp client shows those files having owner www-data

    now i can simply run the above mentioned chown command for any of the sites
    but there has to be a better way around this.
     
  9. falko

    falko Super Moderator ISPConfig Developer

    You could do a chmod 777 on all files, but if your server is used by other users, too, they get write access to your files.
     
  10. Webspot

    Webspot New Member

    Problem is ownership of files anytime anything is done from within joomla they have www-data ownership. Their should be a directive for the ownership to be the administrator of that web. Commercial linux systems running clients hosting account always show a 5 digit number for ownership for all the files that do not change when installing items with joomla.

    For now the command i mentioned on top does do the trick but ill have to find a way to tell the system that even joomla installs are owned by administrator.
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    The solution for this is to run PHP under the admin user of the website. Thas how other big hostsers are doing it and thats the way ISPConfig can do it too when you install suphp. The suphp installation is discussed in several thraeds in the forum.
     
  12. Webspot

    Webspot New Member

    Thanks till ill take a run at reading some of the posts. It will be a lot easier now that i know roughly what im looking for :)
     

Share This Page