Score:0

How do I make a folder owner writable, and world readable


I have just successfully set up a local user with FTP access with his own home folder and chrooted to that folder, but he's asking if there's a way for that folder (/home/username) to be owner writable and world readable for Apache. This is so that others in the same building can download files using standard HTTP protocols but only the owner can upload via FTP.

E.g., a local user sends a zip file to his home location (/home/user), and someone in the building opens that location using http://domain, sees that file and clicks it to download it, but the owner can replace the file at any time for things like updates, etc.

I have set Apache directives to allow all access, to follow symlinks, and to create a directory listing, but when the URL is entered into a browser all that happens is 'You do not have permission to access this location'. I have tried just about everything possible; I even tried adding the user to the www-data group that Apache uses. Basically, what's needed is that a user uploads via FTP, and anyone can view the listing and download from that location.

I think it's possible, but if not, then how do web developers update their websites using FTP to upload and yet everyone can still see the site?

Score:1

but he's asking if there's a way for that folder (/home/username) to be owner writable and world readable for apache?

Please do not mess with home's permissions. If you want to go that route, use a dedicated partition and change the permissions there. That is a lot more secure. I have had Windows users removing hidden files like .profile and .bash* because they did not put them there themselves.

do web developers update their websites using FTP to upload and yet everyone can still see the site?

Generally I would advise not to do this. More secure method:

  1. Let developers upload files to a home directory (each developer with his own home so you can track the changes).
  2. Have a job (cron/systemd/directory watcher) check for new files.
  3. As an extra feature: make a backup of the website files you want to update, using the developer's username as part of the backup.
  4. Have that job copy or move files over from the developer's home to the webserver, changing user, group and permissions to the website settings.
  • Are you sure it is www-data? Nowadays it should be apache/apache.
  • This way you can always restore the previous state without all developers having to make backups (they can for their own purpose).

If you still want them to directly update files:

  • Create a user you all can use to log into the server.
  • Set the Apache user and group to the same user.
  • Let them upload files using that user.

... and always use private keys :)
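The copy job from steps 2 to 4 of the answer above could look like this; it is an added example, not part of the original answer. The function name, its arguments and the `WEB_OWNER`/`WEB_GROUP` variables are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: publish a developer's uploads into the web root (steps 2-4).
# All paths, names and the WEB_OWNER/WEB_GROUP variables are assumptions.

# publish_uploads DEV_USER UPLOAD_DIR WEB_ROOT BACKUP_DIR
# Prints the number of files published.
publish_uploads() {
    local dev="$1" src="$2" web="$3" bak="$4"
    local stamp count=0 f name
    stamp="$(date +%Y%m%dT%H%M%S)"
    mkdir -p "$bak"

    for f in "$src"/*; do
        # Regular files only: skip directories, dotfiles (the glob omits them)
        # and symlinks, so an upload cannot point the job at another path.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        name="$(basename "$f")"

        # Step 3: keep the version being replaced, tagged with the uploader.
        if [ -f "$web/$name" ]; then
            cp -p "$web/$name" "$bak/$name.$dev.$stamp"
        fi

        # Step 4: copy with the website's mode; owner/group are only set when
        # configured, because changing them requires running as root.
        if [ -n "${WEB_OWNER:-}" ]; then
            install -m 0644 -o "$WEB_OWNER" -g "${WEB_GROUP:-$WEB_OWNER}" "$f" "$web/$name"
        else
            install -m 0644 "$f" "$web/$name"
        fi
        rm -f "$f"          # "move": the upload is consumed after publishing
        count=$((count + 1))
    done
    echo "$count"
}
```

Run from root's crontab or a systemd timer, the home directory keeps its normal permissions and Apache only ever reads files it can already access in the web root.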

Micheal Saunders
Are you talking about virtual users, where there's no local account and no home directory, just a location where the files reside? If that's the case, then how do you set up a virtual user to access that location using FTP, while Apache serves up that location as a directory listing, where someone can download from that directory?