Score:0

Ubuntu

How to allow an FTP user to manage /var/www/site1 which is owned by www-data user

dcpartners

12/5/23, 9:41 PM

I have a site called site1 located in /var/www/site1, and it is owned by www-data user. The group permission is belong www-data group.

The web server is Apache2. The FTP server is ProFTPD.

As we allow FTP for an external user called externalftpusr to FTP in.

How do I allow this FTP user to upload/change the file accordingly to this /var/www/site1 ?

So far, we did:

sudo chmod -a -G www-data externalftpusr

When we upload a file, we have this error on FTP client: 550 index.html: Permission denied

We prefer to keep www-data as user on ownership of the site.

I am appreciated your help.

Thanks

518

0 + 13

ftp

apache2

www

proftpd

matigo

12/5/23, 10:16 PM

Could you confirm the command you ran to add the FTP account to `www-data`? The one in your question is incomplete (which could explain why it didn’t work)

dcpartners

12/5/23, 11:07 PM

Sorry :) I modified the command already - chmod. Also when we ran: `grep ^www-data /etc/group` ... we can confirm that **externalftpusr** user on that group.

matigo

12/5/23, 11:25 PM

When adding a user account to a group, one would generally use `usermod`, as you are **mod**ifying a **user** account. It will also be important to confirm that the permissions on the directory match those of the files, ideally with a `755` or `775` (never use `777`)

Utkarsh Chandra Srivastava

12/5/23, 11:27 PM

Probably a misconfiguration of vsftpd.conf please make sure the user has permission to do so

dcpartners

12/6/23, 1:21 AM

@matigo - I mean I've added to the right group for that user. Permission for all folders are 0755 whiles files 0644

dcpartners

12/6/23, 1:23 AM

@UtkarshChandraSrivastava - We're using the ProFTPD server actually - look at the config and nothing really significant for this

muru

12/6/23, 3:11 AM

Does this answer your question? [How to avoid using sudo when working in /var/www?](https://askubuntu.com/questions/46331/how-to-avoid-using-sudo-when-working-in-var-www)

muru

12/6/23, 3:12 AM

The permissions should be 775 to allow the group member user to write, and also you should use setgid to ensure group permissions are inherited when creating new files.

dcpartners

12/6/23, 4:39 AM

@muru - Changed that to 775 and the FTP worked Ok for updating/adding/deleting files. Now, the problem is will this 775 be secure? Cause the Apache can execute via www-data group ?!?! Am I missing something here?

muru

12/6/23, 4:44 AM

"Cause the Apache can execute via www-data group" I don't understand what that means. Execute what? Apache is already running as the `www-data` user, and your question says the files are owned by that user so it already has full permissions.

dcpartners

12/6/23, 5:02 AM

@muru I thought the Apache running on the www-data group, not on the www-data user? Technically, I can create any user and set the ownership to let's say **site1** user and assign into www-data group.

muru

12/6/23, 5:07 AM

Unless you configured it differently, Apache on Ubuntu runs using the `www-data` user by default.

dcpartners

12/6/23, 5:17 AM

@muru - sorry you are right. I run this `ps aux | egrep '(apache|httpd)'` and I found www-data as user. For allowing this **externalftpusr** updating files to via FTP, 775 looks the way to go.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to allow an FTP user to manage /var/www/site1 which is owned by www-data user

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.