LinuxQuestions.org
Old 02-16-2006, 07:10 PM   #1
Odins_Son
LQ Newbie
 
Registered: Nov 2004
Location: Salem
Distribution: debian unstable
Posts: 18

Rep: Reputation: 0
FTP, permissions help


I needed to allow a person access to my server via ftp to edit and change some webpages.

I created a user called rob and I made his home directory /var/www/html. The html directory is owned by root and all the web directories in the html directory are owned by apache. How can I get it so that user rob can log in via ftp and access everything in the /var/www/html?

Any help on this would be greatly appreciated.


This is the error I get when trying to log in. I'm guessing it's an issue with perms or directory ownership.

error loading directory...
425 Failed to establish connection.
421 Timeout.
disconnected
 
Old 02-16-2006, 07:27 PM   #2
pljvaldez
LQ Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Wheezy (x86)
Posts: 6,094

Rep: Reputation: 271
First, which FTP server are you using?

Second, is there a reason you want him to have access to /var/www/html instead of his ~/public_html? Apache has a config file that will allow you to give each person their own directory for html. In the web browser, they would just type www.mysite.com/~rob/.

For that matter, I suppose you could just create a symbolic link from /var/www/html/index.html to /home/rob/public_html/index.html... Then he could change his files whenever he wanted to and the symbolic link would allow www.mysite.com to actually point to rob's directory. (Note I haven't tried this before, but don't see why it wouldn't work...)
 
Old 02-19-2006, 02:29 PM   #3
Odins_Son
LQ Newbie
 
Registered: Nov 2004
Location: Salem
Distribution: debian unstable
Posts: 18

Original Poster
Rep: Reputation: 0
Got everything to work, and it works fine while I have the server using the 20,21 ports.

However, I want my ftp to listen on a different port. When I make vsftpd listen on port 16000 I cannot connect.

Here is the error I get:

500 Illegal PORT command.
Attemping PASV mode transfer...
PASV
227 Entering Passive Mode (209,89,7,231,110,127)
LIST
Connect socket #840 to 209.89.7.231, port 28287...
timeout
Error loading directory...
425 Failed to establish connection.
 
Old 02-19-2006, 03:32 PM   #4
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,284

Rep: Reputation: 371
FTP expects to use certain ports in ways other protocols do not. It looks like you're using passive mode FTP. Passive mode FTP uses a random port for data and (in your case) port 16000 for commands (normal is 21). In this case it looks like it picked port 28287 to receive the data stream connection from the client. If that port is blocked by a firewall, this won't work.
 
Old 02-19-2006, 05:03 PM   #5
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
In order to allow passive mode traffic through the server's firewall, use the pasv_max_port and pasv_min_port options in vsftpd.conf. Then modify iptables to allow traffic on the port range you defined.
 
Old 02-19-2006, 07:15 PM   #6
Odins_Son
LQ Newbie
 
Registered: Nov 2004
Location: Salem
Distribution: debian unstable
Posts: 18

Original Poster
Rep: Reputation: 0
Awesome... thanks guys
 
Old 02-21-2006, 11:26 AM   #7
Odins_Son
LQ Newbie
 
Registered: Nov 2004
Location: Salem
Distribution: debian unstable
Posts: 18

Original Poster
Rep: Reputation: 0
I'm still having an issue with this. I did set the pasv_max_port=195 and pasv_min_port=200 and I opened these ports on my firewall. However, the client still tries to connect on a random port. I did restart the service as well.
 
Old 02-21-2006, 11:30 AM   #8
pljvaldez
LQ Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Wheezy (x86)
Posts: 6,094

Rep: Reputation: 271
I think min needs to be less than max. Above you said min=200 and max=195. Maybe putting them the other way around would help?
 
Old 02-21-2006, 03:41 PM   #9
Odins_Son
LQ Newbie
 
Registered: Nov 2004
Location: Salem
Distribution: debian unstable
Posts: 18

Original Poster
Rep: Reputation: 0
Yeah, that's what I actually had and it still won't connect. Client keeps going into pasv mode and then tries a random port.
 
Old 02-21-2006, 06:09 PM   #10
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
Here are all the options I have set in my vsftpd.conf.
Code:
[root@petrel vsftpd]# grep -v "#" /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES

pam_service_name=vsftpd
userlist_enable=YES
pasv_max_port=11001
pasv_min_port=11000
I run vsftpd from within xinetd. Here's the relevant xinetd conf file.
Code:
[root@petrel xinetd.d]# cat /etc/xinetd.d/vsftpd
# default: on
# description:
#   The vsftpd FTP server serves FTP connections. It uses
#   normal, unencrypted usernames and passwords for authentication.
# vsftpd is designed to be secure.
service ftp
{
        flags                   = IPv6
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/sbin/vsftpd
#       server_args             += local_enable=YES
#       server_args             +=
#       log_on_success          += DURATION USERID
#       log_on_failure          += USERID
        nice                    = 10
        disable                 = no
}
On the client side, I use unkerberized ftp (not the one in /usr/kerberos/bin). When you type "which ftp", what is returned?
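
An added example, not code from any poster in this thread: it decodes the 227 reply quoted in post #3 into the address and data port the client then connects to, and checks that port against the pasv_min_port / pasv_max_port values given in posts #7 and #10. The function names and the checks are this example's own assumptions; the privileged-port warning is a general lint, not a statement about how vsftpd treats such values.

```python
import re

# Constructed inputs: REPLY is the 227 line quoted in post #3; the two config
# snippets carry only the pasv_* values reported in posts #7 and #10.
REPLY = "227 Entering Passive Mode (209,89,7,231,110,127)"
CONF_POST7 = "pasv_max_port=195\npasv_min_port=200\n"
CONF_POST10 = "# passive range\npasv_max_port=11001\npasv_min_port=11000\n"


def parse_pasv_reply(line):
    """Decode an RFC 959 '227' reply (h1,h2,h3,h4,p1,p2) into (ip, port)."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", line)
    if not line.startswith("227") or m is None:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def pasv_range(conf_text):
    """Read pasv_min_port / pasv_max_port from vsftpd.conf text."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    # Both options default to 0, which vsftpd documents as "use any port".
    return int(opts.get("pasv_min_port", 0)), int(opts.get("pasv_max_port", 0))


def check(reply, conf_text):
    """List reasons the advertised data port may not match the firewall rule."""
    ip, port = parse_pasv_reply(reply)
    lo, hi = pasv_range(conf_text)
    findings = []
    if lo == 0 or hi == 0:
        findings.append("pasv range not fully set: one bound is left open")
    elif lo > hi:
        findings.append(f"pasv_min_port={lo} is above pasv_max_port={hi}")
    if 0 < min(lo, hi) < 1024:
        findings.append(f"range {lo}-{hi} includes privileged ports (<1024)")
    if not (0 < lo <= port <= hi):
        findings.append(f"{ip} advertised port {port}, outside {lo}-{hi}")
    return findings


if __name__ == "__main__":
    for name, conf in (("post #7", CONF_POST7), ("post #10", CONF_POST10)):
        print(name, check(REPLY, conf))
```

Feed check() the 227 line from a fresh client session: if the advertised port is still outside the configured range after a restart, the running server is not using the range the firewall rule was written for.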
 
All times are GMT -5.