[SOLVED] Unable to access files via Filezilla in AWS EC2

Discussion in 'Installation/Configuration' started by Bharath Raj, May 20, 2020.

  1. Bharath Raj

    Bharath Raj New Member

    I need to access my Client|web folder using their respective FTP/SSH username and password, without giving access to other clients and web folders.

    This is my very big problem, let me explain in detail.

    I migrated my Laravel application from cPanel via wget to AWS EC2. Then I extracted it into the respective Client|Web folder as the root user.
    Permission 0755 and Owner/Group 5499/5500 and 5009/5008.

    Initially I tried to access it using Filezilla with the following setup.
    Protocol: FTP
    Encryption: Use explicit FTP over TLS if available.
    Logon type: Normal
    User: Myuser
    Password: Mypassword
    Transfer Mode: Default
    Filezilla Windows 64bit.

    I am getting the following.
    Status: Resolving address of app.insta-redeem.in
    Status: Connecting to My-AWS-elastic-IP:21...
    Status: Connection established, waiting for welcome message...
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 1 of 50 allowed.
    Response: 220-Local time is now 13:32. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Command: AUTH TLS
    Error: Connection timed out after 20 seconds of inactivity
    Error: Could not connect to server
    Status: Waiting to retry...

    Then I used the following setup temporarily (but I am still using only this insecure way now)
    Protocol: FTP
    Encryption: Only use plain FTP (insecure)
    Logon type: Normal
    User: Myuser
    Password: Mypassword
    Transfer Mode: Passive

    Now the server is connected and I can access the Web folder. But I am unable to make any changes; I am getting the following.

    Response: 550 Could not delete new.txt: Permission denied

    When I connect as root user I am unable to access web folder.
    If I change the file permission to 0777 I can access these files.
    Currently my application runtime folder is 777 which is very dangerous.

    I tried to log in by creating an SSH user. While creating the SSH user I didn't give any key. I don't know how to use SSH properly.
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You will have to fix your file/directory permissions as root from the CLI. You said you used numeric user/group IDs above, so maybe verify that those are correct for the web# user and client# group that the site belongs to. You might create a new test website to see how the ownership/permissions are set. Also ensure you have suexec enabled in your site settings with php-fpm mode.

    It seems like Laravel had some permissions and directory structure required. I'm not familiar with it, but search the forums here for more info.

    With a shell user you can work from the CLI once you ssh to the server, but you will have to fix ownership and permissions as root first if they are incorrect. Also with a shell user you can connect with sftp, which is purely a file access protocol like ftp, and supported by many ftp clients (and easier to set up than ftp). For security, ensure you have jailkit installed and that you create your ssh users using a chroot jail.
     
  3. Bharath Raj

    Bharath Raj New Member

    I found these

    [email protected]:~$ sudo ls -l /var/www/clients/client1/web14/web/admin
    total 552
    -rw-r--r-- 1 4702 4707 13864 Feb 24 09:19 academic.php
    -rw-r--r-- 1 4702 4707 7780 Feb 24 09:35 academic11create.php
    -rw-r--r-- 1 4702 4707 5859 Feb 24 09:36 academic11delete.php
    -rw-r--r-- 1 4702 4707 6340 Feb 24 09:37 academic11read.php
    -rw-r--r-- 1 4702 4707 9872 Feb 24 09:42 academic11update.php
    -rw-r--r-- 1 4702 4707 7779 Feb 24 09:44 academic12create.php
    -rw-r--r-- 1 4702 4707 5858 Feb 24 09:58 academic12delete.php
    -rw-r--r-- 1 4702 4707 6385 Feb 24 09:57 academic12read.php
    -rw-r--r-- 1 4702 4707 9872 Feb 24 09:58 academic12update.php
    -rw-r--r-- 1 4702 4707 491 May 20 14:07 config.php
    -rw-r--r-- 1 4702 4707 7778 Feb 24 09:31 create.php
    drwxr-xr-x 2 4702 4707 4096 Feb 12 04:53 css
    -rw-r--r-- 1 4702 4707 5380 Mar 5 09:59 dashboard.php
    -rw-r--r-- 1 4702 4707 343 Feb 12 08:57 dbConfig.php
    -rw-r--r-- 1 4702 4707 5861 Feb 24 09:49 delete.php
    -rw-r--r-- 1 4702 4707 940 Feb 5 02:42 error.php
    drwxr-xr-x 5 4702 4707 4096 Feb 11 04:04 fonts
    -rw-r--r-- 1 4702 4707 5638 Feb 24 10:01 galleryindex.php
    -rw-r--r-- 1 4702 4707 833 Feb 21 06:18 galleryupload.php
    drwxr-xr-x 17 4702 4707 4096 Feb 11 04:04 images
    -rw-r--r-- 1 4702 4707 8165 Feb 21 07:02 index.php

    AND

    [email protected]:~$ cat /etc/group |cut -d: -f1
    root
    {......other groups...}
    client2
    client3
    client1
    client4
    client0

    AND
    [email protected]:~$ groups
    admin adm dialout cdrom floppy sudo audio dip video plugdev netdev

    In the above I couldn't find ISPConfig groups.

    [email protected]:~$ sudo ls -l /var/www/clients/client1/web22/web/
    total 24
    drwxr-xr-x 2 web22 client1 4096 May 20 15:37 error
    -rwxr-xr-- 1 web22 client1 7358 May 20 15:37 favicon.ico
    -rwxr-xr-- 1 web22 client1 1861 May 20 15:37 index.html
    -rwxr-xr-- 1 web22 client1 14 May 20 15:37 robots.txt
    drwxr-xr-x 2 web22 client1 4096 May 20 15:37 stats

    I have created this in php-fpm mode

    Previously it was suexec enabled with php-cgi mode
    now changed it into suexec enabled with php-fpm mode

    When I try to open it, it redirects to another domain hosted on the same server due to Let's Encrypt.
    Now how do I resolve this issue?
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    So here, instead of user 4702 and group 4707, you should set to user web14 and group client1.

    The groups are just what you printed, client1, client2, client3, etc.

    There you go, use that as an example to base your chmod/chown's on.

    It should work in either mode, with php-fpm being preferred.
     
  6. Bharath Raj

    Bharath Raj New Member

    Thank you Jesse, issue resolved.
    I did as follows:

    chown -R web14:client1 /var/www/clients/client1/web14/web

    Thank you to all who spent time to fix this.

    But it is still connecting only via plain FTP. Is there any way to change to TLS?
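
An added example, not part of the original thread: a read-only audit to run as root before and after a `chown -R` like the one above. It lists entries under a web root whose owner or group has no account (the bare `4702`/`4707` in the `ls -l` output), entries not owned by the site's user and client group, and world-writable entries left over from a `0777` workaround. The function names `audit_webroot` and `demo_tree` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web root for the three ownership/permission
# problems discussed in this thread. It only reads; nothing is changed.

# audit_webroot DIR USER GROUP
# USER and GROUP may be names (e.g. web14, client1) or numeric IDs.
audit_webroot() {
    dir=$1; user=$2; group=$3

    # 1. UID/GID with no passwd/group entry: ls -l shows these as bare
    #    numbers, as with 4702:4707 after the migration.
    find "$dir" \( -nouser -o -nogroup \) -print | sed 's/^/ORPHAN_ID /'

    # 2. Anything not owned by the site's own user and client group.
    find "$dir" \( ! -user "$user" -o ! -group "$group" \) -print |
        sed 's/^/WRONG_OWNER /'

    # 3. World-writable entries (the 0777 workaround). Symlinks are
    #    skipped because their mode bits carry no meaning.
    find "$dir" ! -type l -perm -0002 -print | sed 's/^/WORLD_WRITABLE /'
}

# Constructed sample tree so the audit can be tried without a real site.
demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/web/storage"
    : > "$t/web/index.php"
    chmod 755 "$t/web"
    chmod 644 "$t/web/index.php"
    chmod 777 "$t/web/storage"   # simulates the dangerous runtime folder
    echo "$t"
}

tree=$(demo_tree)
audit_webroot "$tree/web" "$(id -u)" "$(id -g)"
rm -rf "$tree"
```

On a real site the call would be `audit_webroot /var/www/clients/client1/web14/web web14 client1`; an empty result means every entry belongs to the site user and client group and nothing is world-writable.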
     
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    How have you set up FTP server to use a certificate?
     
  8. Bharath Raj

    Bharath Raj New Member

    I did a default installation using the auto installer. No special changes were made to the FTP server.
     
  9. ahrasis

    ahrasis Well-Known Member

    Try to read and follow the Perfect Server Tutorial for your OS with regard to using TLS, as it normally does cover how to secure your pure-ftpd-mysql with TLS.
     
