Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
All I'm trying to do is to make it so a system user (we'll call them 'webguy') can FTP into the root directory of the apache web server and upload and change files. Doesn't seem like too much too ask for.
I'm not (yet) using virtual hosts.
I have installed Apache2 and vsftp. I've tried changing the home directory of webguy to /var/www/localhost/htdocs. This will allow webguy to land in the right directory, but not upload anything. Initially all the folder/file permissions were set for root:root. I changed it to apache:apache and added webguy to the apache group. Still doesn't work.
Next I tried to create a symlink from /var/www/localhost/htdocs to /home/webguy/web and changed his home directory back to /home/webguy. But I still don't have permission to upload files.
This is taking all day. I really don't know what do to.
Is there something terribly and painfully obvious that I'm missing?
You could create a folder called upload, change the own to webguy ("chown webguy upload", I think) and make sure that he has right to both read and write to that folder (chmod +rw upload)
The symlink should work as well, just so the owner is webguy and he has full read and write permissions for it
Thanks for the reply, but it doesn't really answer the question. I know that the symlink *should* work, but it doesn't. And I don't know why I should make an upload folder to send files to when I want them to be placed in the htdocs folder.
Found a solution. Symlinks won't work because with chroot_local_user=YES restricts the user to their /home/ directory and the symlink is trying to get out of that home directory. The solution is to use:
mount --bind /target_directory/ /new_directory_in_home_path/
@spankmeister7, if I were you I'd stick with the apache:apache approach on /var/www/localhost/htdocs and
making that the FTP user's home directory. Creating a mount for something this easy is overkill, in my book,
unless webguy is supposed to do other things besides uploading to the website.
If you want to enable chroot for security (to disallow "webguy" to go out of /var/www/localhost/htdocs), use
the home directory /var/www/localhost/htdocs/./ and enable the chroot_local_user=YES vsftpd option as TongueTied suggested. You may want to create the directory /var/www/localhost/htdocs/bin/ and put some basic commands like "ls" in there, otherwise your chroot'ed webguy user won't be able to list the directory contents.
Also, have you verified that the vsftpd config allows for uploads? File and directory permissions are one thing, but vsftpd has some config options on top of those (to allow/disallow delete/upload (write)/download for all ftp users (including virtual ones) or even on a per-user basis).
> You may want to create the directory /var/www/localhost/htdocs/bin/ and put some
> basic commands like "ls" in there, otherwise your chroot'ed webguy user won't be
> able to list the directory contents.
I don't think spankmeister need to do this. Doesn't the vsftpd.conf param "dirlist_enable" provide this? It seems to for me.
dirlist_enable is a vsftpd option, that works regardless of the underlying filesystem.
Simply said, it allows you to disable directory listings, even if the "ls" program is available and the FTP "ls" command should normally work.
However, the chroot affects the underlying filesystem. By chroot'ing, you can make it impossible for the chroot'ed program to find the "ls" program to actually produce the listing (many FTP programs do not create the listing themselves, but rather use the standard Linux programs like "ls"). So, even if you would enable directory listings via the option, I doubt that vsftpd could create a listing, simply because it can't find "ls" in the chroot jail (unless it's provided). But you can always try that...
Copying simple programs like "ls" into a chroot jail is common practice, not only for FTP servers, but for all chroot jails.
Distribution: Debian Etch with Kernel 2.6.x (latest vanila)
Posts: 62
Rep:
Hmm, I think you don't need to make local copies of some files in bin/ because the standard anonymous don't have them too. And the anonymous is in a chroot jail too.
So just do a
Code:
usermod -d /var/www/localhost/htdocs/ webguy
if that doesn't work, you can change back to the old home-dir by replacing /var/www/localhost/htdocs/ with /home/webguy/
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
