LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 06-10-2006, 02:06 AM   #1
Luth_AC
LQ Newbie
 
Registered: Jun 2006
Posts: 2

Rep: Reputation: 0
public_html not viewable to vsFTPd users but is viewable to HTTP users


So, some key points from my vsftpd.conf file:

local_umask=022
chroot_local_user=YES
anonymous_enable=NO
local_enable=YES
guest_enable=YES
guest_username=virtual
write_enable=YES
anon_mkdir_write_enable=YES
anon_upload_enable=YES


I've set up apache so that users have public_html files that are visible to the HTTP world, and it works fine. I can go to myIP/~virtual and see the contents of /home/virtual/public_html/, but when I FTP into the box, I cant see the /public_html/ subdirectory. I can upload files, and see other files in the /home/virtual/ directory, but /public_html/ remains hidden.

I created the /public_html/ directory as follows:
# mkdir /home/virtual/public_html
# chcon -R -t httpd_user_content_t /home/virtual/public_html/

Now, if I dont chcon the directory, I -can- see it on FTP, but I cant write to it, and HTTP can NOT see the folder. So its a step sideways, at best.

I've read a few dozen posts/websites/guides about setting this up, but I havent found a solution. I even read through a handfull of russian sites; they didnt know any better than anyone else.

I'm pulling my hair out over this one. If someone can help, PLEASE DO. My AIM/YIM is "Luth Crew", my MSN is LuthCrew@hotmail.com . I've been screwing with this for nearly 48 hours straight (i'm so tired), so please please help if you can.
 
Old 06-10-2006, 02:29 PM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,167

Rep: Reputation: 331Reputation: 331Reputation: 331Reputation: 331
The problem looks like it's related to SELinux. In particular, based on your note about chcon, it is because the ftp login session somehow doesn't have the proper SELinux priveliges to access the public_html directory. You either need to muck with your SELinux policy to allow a vsftp anonymous login to access a directory with the httpd_user_context. Or, if you don't need SELinux (which is a serious security layer developed in part by the US National Security Agency), I'd honestly either disable it outright or set it to permissive mode. This should get things working while you can tweak the context. From my experience, SELinux is only necessary if you're dealing with a machine with very sensitive data or need to strictly limit users. Since you seem to want to allow guest access ot a public HTTP directory, security doesn't seem to be a giant concern here (to say the least). In fact I'm not sure what you're trying to do, but it looks rather peculiar at first blush.
 
Old 06-10-2006, 02:41 PM   #3
Luth_AC
LQ Newbie
 
Registered: Jun 2006
Posts: 2

Original Poster
Rep: Reputation: 0
I'll boot up and try disabling SELinux, seeing if that works.

All I'm trying to do is upload a webpage to apache's virtual host directory. I tried CHROOTing them to /var/www/html, but it wouldnt allow the FTP users to CD to that directory. So I set up public_html accounts, thinking that if they could upload there, at least it would be viewable to the HTML world, and I could simply redirect. But that failed as well.

I'm easy. Linux isnt.

So, I've had a few people try to help me out with this, but we couldnt figure it out. Whats the proper way to allow one or two FTP users (not anonymous) to upload to the HTML directory?

In general, is leaving SELinux disabled a bad thing for a simple at-home webserver? Is it going to be worth the hassle to poke through the options to find which combination is going to allow me to see and write to the public_html directories? I'm not familiar with SELinux enough to know off-hand what they might be.
*edit*

Turning off SELinux did allow me to see the /home/virtual/public_html/ directory, but not write to it. I changed the owner of the directory to virtual:virtual and permissions to 775, and I can now write to it, but not overwrite files or delete them. So, completely useless for updating a website. However they ARE being seen by the HTML world, so thats good.

Last edited by Luth_AC; 06-10-2006 at 02:50 PM.
 
Old 06-10-2006, 03:27 PM   #4
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,167

Rep: Reputation: 331Reputation: 331Reputation: 331Reputation: 331
In general, the best way to do what you want is to create accounts for each user who needs to edit the Web site. Then, create a group called webmaster or whatever, and make the Web directory writeable by that group. That will allow each member of the webmaster group to put files into that directory. Make sure that you set their umask in VSFTP to 002, not 022. That way, members of the webmaster group will have write accwaa to files uploaded by other members (make sure all files uploaded are actually owned by the webmaster group, either by making the webmaster group the priumary group of all users uploading files or by chmod g+s'ing your web directory to force new files created to take the same group as the parent directory). This should accomplish what you want. I'd suggest reading one of the many tutorials on how Unix style permissions work for more information.

As for SELinux, if you're just running a simnple home webserver. particular if you're just serving static content, then it is probably overkill. Still it wouldn't be a bad thing to learn about. I've been meaning to do some further reading on it myself.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
To enlarge viewable screen grautu Suse/Novell 3 10-12-2005 10:28 AM
viewable outside shadz Linux - Networking 2 12-22-2004 05:50 PM
Rubbish Resolution - only viewable on 1024x768 Rikular Linux - Newbie 3 11-23-2004 03:13 PM
Are the tape's contents viewable? dtournas Linux - General 2 04-30-2004 07:20 AM
apache not viewable by the outside shycalais Linux - Software 5 12-18-2003 09:31 AM


All times are GMT -5. The time now is 07:33 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration