frustrated with apache2 and vsftp
 

Right.

All I'm trying to do is to make it so a system user (we'll call them 'webguy') can FTP into the root directory of the apache web server and upload and change files. Doesn't seem like too much too ask for.

I'm not (yet) using virtual hosts.

I have installed Apache2 and vsftp. I've tried changing the home directory of webguy to /var/www/localhost/htdocs. This will allow webguy to land in the right directory, but not upload anything. Initially all the folder/file permissions were set for root:root. I changed it to apache:apache and added webguy to the apache group. Still doesn't work.

Next I tried to create a symlink from /var/www/localhost/htdocs to /home/webguy/web and changed his home directory back to /home/webguy. But I still don't have permission to upload files.

This is taking all day. I really don't know what do to.

Is there something terribly and painfully obvious that I'm missing?

You could create a folder called upload, change the own to webguy ("chown webguy upload", I think) and make sure that he has right to both read and write to that folder (chmod +rw upload)

The symlink should work as well, just so the owner is webguy and he has full read and write permissions for it ;)

need more specifics
 

Thanks for the reply, but it doesn't really answer the question. I know that the symlink *should* work, but it doesn't. And I don't know why I should make an upload folder to send files to when I want them to be placed in the htdocs folder.


This must be a very common issue.

I have found the same problem. Have you found a solution?

Found a solution. Symlinks won't work because with chroot_local_user=YES restricts the user to their /home/ directory and the symlink is trying to get out of that home directory. The solution is to use:

mount --bind /target_directory/ /new_directory_in_home_path/

@spankmeister7, if I were you I'd stick with the apache:apache approach on /var/www/localhost/htdocs and
making that the FTP user's home directory. Creating a mount for something this easy is overkill, in my book,
unless webguy is supposed to do other things besides uploading to the website.

If you want to enable chroot for security (to disallow "webguy" to go out of /var/www/localhost/htdocs), use
the home directory /var/www/localhost/htdocs/./ and enable the chroot_local_user=YES vsftpd option as TongueTied suggested. You may want to create the directory /var/www/localhost/htdocs/bin/ and put some basic commands like "ls" in there, otherwise your chroot'ed webguy user won't be able to list the directory contents.

Also, have you verified that the vsftpd config allows for uploads? File and directory permissions are one thing, but vsftpd has some config options on top of those (to allow/disallow delete/upload (write)/download for all ftp users (including virtual ones) or even on a per-user basis).

timmeke,

> You may want to create the directory /var/www/localhost/htdocs/bin/ and put some
> basic commands like "ls" in there, otherwise your chroot'ed webguy user won't be
> able to list the directory contents.

I don't think spankmeister need to do this. Doesn't the vsftpd.conf param "dirlist_enable" provide this? It seems to for me.

@seanhharrison,

dirlist_enable is a vsftpd option, that works regardless of the underlying filesystem.
Simply said, it allows you to disable directory listings, even if the "ls" program is available and the FTP "ls" command should normally work.
However, the chroot affects the underlying filesystem. By chroot'ing, you can make it impossible for the chroot'ed program to find the "ls" program to actually produce the listing (many FTP programs do not create the listing themselves, but rather use the standard Linux programs like "ls"). So, even if you would enable directory listings via the option, I doubt that vsftpd could create a listing, simply because it can't find "ls" in the chroot jail (unless it's provided). But you can always try that...

Copying simple programs like "ls" into a chroot jail is common practice, not only for FTP servers, but for all chroot jails.

Fair enough. I used to have to do that with wu-ftpd, but haven't even thought about it since moved to vsftpd...

Hmm, I think you don't need to make local copies of some files in bin/ because the standard anonymous don't have them too. And the anonymous is in a chroot jail too.

So just do a
if that doesn't work, you can change back to the old home-dir by replacing /var/www/localhost/htdocs/ with /home/webguy/