Score:0

How to allow an FTP user to manage /var/www/site1 which is owned by www-data user

sa flag

I have a site called site1 located in /var/www/site1, and it is owned by www-data user. The group permission is belong www-data group.

The web server is Apache2. The FTP server is ProFTPD.

As we allow FTP for an external user called externalftpusr to FTP in.

How do I allow this FTP user to upload/change the file accordingly to this /var/www/site1 ?

So far, we did:

sudo chmod -a -G www-data externalftpusr

When we upload a file, we have this error on FTP client: 550 index.html: Permission denied

We prefer to keep www-data as user on ownership of the site.

I am appreciated your help.

Thanks

in flag
Could you confirm the command you ran to add the FTP account to `www-data`? The one in your question is incomplete (which could explain why it didn’t work)
dcpartners avatar
sa flag
Sorry :) I modified the command already - chmod. Also when we ran: `grep ^www-data /etc/group` ... we can confirm that **externalftpusr** user on that group.
in flag
When adding a user account to a group, one would generally use `usermod`, as you are **mod**ifying a **user** account. It will also be important to confirm that the permissions on the directory match those of the files, ideally with a `755` or `775` (never use `777`)
Utkarsh Chandra Srivastava avatar
hu flag
Probably a misconfiguration of vsftpd.conf please make sure the user has permission to do so
dcpartners avatar
sa flag
@matigo - I mean I've added to the right group for that user. Permission for all folders are 0755 whiles files 0644
dcpartners avatar
sa flag
@UtkarshChandraSrivastava - We're using the ProFTPD server actually - look at the config and nothing really significant for this
muru avatar
us flag
Does this answer your question? [How to avoid using sudo when working in /var/www?](https://askubuntu.com/questions/46331/how-to-avoid-using-sudo-when-working-in-var-www)
muru avatar
us flag
The permissions should be 775 to allow the group member user to write, and also you should use setgid to ensure group permissions are inherited when creating new files.
dcpartners avatar
sa flag
@muru - Changed that to 775 and the FTP worked Ok for updating/adding/deleting files. Now, the problem is will this 775 be secure? Cause the Apache can execute via www-data group ?!?! Am I missing something here?
muru avatar
us flag
"Cause the Apache can execute via www-data group" I don't understand what that means. Execute what? Apache is already running as the `www-data` user, and your question says the files are owned by that user so it already has full permissions.
dcpartners avatar
sa flag
@muru I thought the Apache running on the www-data group, not on the www-data user? Technically, I can create any user and set the ownership to let's say **site1** user and assign into www-data group.
muru avatar
us flag
Unless you configured it differently, Apache on Ubuntu runs using the `www-data` user by default.
dcpartners avatar
sa flag
@muru - sorry you are right. I run this `ps aux | egrep '(apache|httpd)'` and I found www-data as user. For allowing this **externalftpusr** updating files to via FTP, 775 looks the way to go.
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.