Permission Error - FTP and SFTP Users - ISPConfig 3.1.6

Discussion in 'General' started by Kadu, Sep 8, 2017.

  1. Kadu

    Kadu New Member

    Hello friends.
    I have this problem.
    I can enter the folder, but I can not send, delete, or change any file.
    someone with the same problem?
    Or some solution?

    I already rode the command:

    echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange
    /etc/init.d/pure-ftpd-mysql restart

    I also added these entries to the ISPConfig Firewall

    My Server:
    Debian 8 x64 (jessie) + Nginx
    Chroot Shell: Jailkit
     
    Last edited: Sep 16, 2017
  2. adamjedgar

    adamjedgar Member

    I have just installed ispconfig running same O/S as you on a google cloud compute instance. I also have another one running vestacp in which i have encountered a very similar error to you. my vesta installation will write files to the server but gives me error code 550 when i try to write folders.

    I am quite sure in my case its something to do with file permissions and default ownership given by the control panel, for some reason ownership my cp is giving is not the right one for the actual user. I could overcome the problem easily by changing permissions to 777 but this isnt a good solution.

    In your case, I suspect that:
    1. the wrong user has been granted ownership and as such the user that is supposed to be writing to this directory may only actually have "read and/or execute" access.
    2. your user permissions are wrong (ie not a high enough level of access is given)

    i am not sure who your user is meant to be ...my ispconfig server web directory is set to 5004/5005 (owner/group) and permissions for the directory are 0755 (folders) and 0754 (files)

    Check your file permissions for the directory you are looking at with ftp. Who is the owner? What group controls the directory? What permissions have been set for this directory ...ie write/edit/read/execute. Your directory permissions should be something like 751 or 755 for folders, and 644 for files (sometimes 751 is used for both).
    Remember that the 3 octets related to who may access and what level of access they have. For example:
    7xx - the first number- means the "owner" has full access to read, write, execute, edit, and delete
    x5x - the second number - means the "group" has access to read, and execute
    xx1 - the third number - means "others" has access to execute only

    Below outlines this in much more detail, sourced from fluid hosting (i am not affiliated...this is just a good outline)

    About File Modes
    File Mode defines sets of permissions on the file. It defines who can read, write and execute it. File mode for cgi-bin has always been traditionally set to 755 (read + write + execute for owner, and read + execute for group and others). Since we utilize suExec, the CGI scripts can be safely set to 711 or even 700. This means nobody else can read your scripts. This provides a very good security in the shared hosting environment.
    The file mode can be changed by using an FTP client, through the shell or using WebShell (the web based file manager, available through your control panel). It is normally changeable using the "chmod" command.
    What do these numbers mean?
    The file mode consists of three digits, and each digits range from 0 to 7. It defines who can access the file. There are three groups of people, each is defined by a digit in the file mode.​
      • The first digit defines the permissions for the owner of the file
      • The second digit defines the permissions for the people in the same group as the file's group.
      • The third digit defines the permissions for others.
    The permissions are: Read, Write, Execute (often shortened to rwx).
    A digit represents the three access rights.
    Basic:​
      • 0 = No rights
      • 1 = Execute Only
      • 2 = Write Only (rarely used)
      • 4 = Read Only
    Combination of the Basic:​
      • 3 = Write and Execute (rarely used)
      • 5 = Read and Execute
      • 6 = Read and Write
      • 7 = Read, Write and Execute
    As you can see, 3 = 2 + 1, which means Write and Execute. The same applies for the other combinations.
    So when you see the file mode of 755, it means:​
      • The first digit is 7 = read, write and execute = file owner can read, write and execute this file
      • The second digit is 5 = read and execute = people in the same group as the file's group can read and execute this file
      • The third digit is 5 = read and execute = everyone else can read and execute this file too
     
    Last edited: Sep 9, 2017
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    @Kadu: I guess you simply try to upload the files to a wrong folder. The website files have t be uploaded to the 'web' folder and files that shall be kept outside of the web root go to the 'private' folder, other folders are not and shal not be writable. Do not alter any permissions or ownerships of the website base folders.
     
  4. Kadu

    Kadu New Member

    @till I am inside the "Web" folder and I am still unable to make any changes. As I mentioned at the beginning.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    You are using an FTP user that you created in ISPConfig for this website, right and you did not alter anything on the advanced tab of the FTP user like trying to change the assiciated shell user, right?

    Then please go to the web dir on the shell and post the output of 'ls -la' when you are in the web dir.
     
  6. adamjedgar

    adamjedgar Member

    Till i wonder if he has installed ISPConfig as the wrong user from the outset. In my case with Vestacp, i inadvertantly did not install it with a user with high enough privilages in the first place. Once i realised my mistake and reinstalled using the root user (not a sudoer), my web directory write/edit problem was immediately solved. I have done the same with ISPConfig...installed using root user account directly, or at least entered sudo -su first then started the install process as that user (i had this problem if just "sudo" was manually used in front of each copied and pasted command from the tutorials)

    Kadu, what user did you perform the original install? Was it root, sudoer, or 'sudo' in front of each command entered/copied and pasted into shell?
     
  7. Kadu

    Kadu New Member

    I did it. But still it goes on.
     
  8. Kadu

    Kadu New Member

    root user in the installation.
     
  9. HSorgYves

    HSorgYves Member HowtoForge Supporter

    Where is the output of ls -la?
     
  10. Kadu

    Kadu New Member

    Code:
    [email protected]:/web$ ls -la
    total 604
    drwxr-x--x  9 tcheeadminsftp client1   4096 Sep  6 20:27 .
    drwxr-xr-x 17 root           root      4096 Sep  6 21:23 ..
    -rw-r--r--  1 root           root     10790 Sep  3 17:58 .htaccess
    -rw-r--r--  1 root           root      9452 Aug 19 08:40 ajax_loading.php
    drwxr-xr-x  4 root           root      4096 Sep  3 12:33 api
    -rw-r--r--  1 root           root      8940 Jan  9  2017 api.php
    -rw-r--r--  1 root           root      9852 Sep  3 18:26 app_api.php
    drwxr-xr-x  5 root           root      4096 Sep  3 12:33 assets
    drwxr-xr-x  2 root           root      4096 Jun 17  2016 cache
    -rw-r--r--  1 root           root       960 Sep  6 01:58 config.php
    -rw-r--r--  1 root           root     10790 Sep  3 18:01 htaccess.txt
    -rw-r--r--  1 root           root       804 Jan 25  2017 import.php
    -rw-r--r--  1 root           root     11433 Sep  3 17:58 index.php
    -rw-r--r--  1 root           root      9706 Mar 21 11:56 login-with.php
    -rw-r--r--  1 tcheeadminsftp client1   9351 Sep  7 17:54 nginx.conf
    -rw-r--r--  1 root           root    439315 Sep  3 18:55 requests.php
    -rw-r--r--  1 root           root       146 Jul 29 07:33 robots.txt
    drwxr-xr-x  7 root           root      4096 Sep  3 17:58 sources
    drwxr-xr-x  2 tcheeadminsftp client1   4096 Sep 15 03:00 stats
    drwxr-xr-x  4 root           root      4096 Sep  6 01:31 themes
    -rw-r--r--  1 root           root      6934 Apr  8 10:05 updater.php
    drwxr-xr-x  7 root           root      4096 Jun  4 15:37 upload
    -rw-r--r--  1 root           root     20052 Apr  5 12:46 web.config.xml
    [email protected]:/web$
    
     
  11. HSorgYves

    HSorgYves Member HowtoForge Supporter

    Your ftp user won't be able to modify anything owned by root:root. Your permissions are messed up...
    From shell, go to that folder (!!!) and do: chown -R tcheeadminsftp:client1
    P.S.: Use that command only when in the web folder!
     
  12. Kadu

    Kadu New Member

    Hey, "tcheeadminsftp" is a shell user

    chown -R tcheeadminsftp:client1
    bash: chown: command not found
     
    Last edited: Sep 16, 2017
  13. adamjedgar

    adamjedgar Member

    my user permissions for home directory are as follows (and this works for mine)

    I havent played with anything yet, so i may have errors here. but filezilla is working.
    my ls -la file
    and my filezilla users and permissions

    Files and folders inside "web" are 644 and 755 (same owner and group 5004/5005)
     

    Attached Files:

    Last edited: Sep 16, 2017
  14. Kadu

    Kadu New Member

    WinSCP
    [​IMG]
     
  15. adamjedgar

    adamjedgar Member

    my apologies i forgot the go into user home directory for web before running ls -la. see attached.

    Please note, this is the user that was used to install the original O/S on Google Cloud Compute. It is also the administrative user for Google Cloud Compute projects. So it may be different from your current user (google cloud assigns the permissions in GCE automatically based on my google account)
     

    Attached Files:

  16. HSorgYves

    HSorgYves Member HowtoForge Supporter

    True, sorry, I am tired, should not answer late. The permissions should be web[somenumber]:client1, probably web1:client1.

    Edit: The permissions of the web folder itself are correct. Check these from shell (not FileZilla)!
     
  17. Kadu

    Kadu New Member

    Without success, I continue with the same problem so far.
     

Share This Page