LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-22-2006, 02:33 AM   #1
imsam
Member
 
Registered: Dec 2003
Posts: 64

Rep: Reputation: 15
Need help setting up user that will have FTP access


Hi,

Sorry folks but getting help on a simple matter on Linux is like passing a kidney stone. And yes, I've done a million Google searches and I do have 2 Linux books and still having trouble.

I may be new to Linux but sure am not a newbie when it comes to IT. Been in the industry for 20 years.

My simple question is how do I create a user account and give it FTP access to a web site running on Fedora?

Now, the problem is there are a million shell commands I find on the net. However, none of them really explains what in the world is going on in a simple language.

Here's my thinking... Correct me if I'm wrong.

1. Create a user account, set its password and home directory

2. Give this user FTP access to the directory of the web site

3. Give this user read and write privileges so that he/she can both read the contents of the folder and be able add new files and delete existing ones.

I know how to do step 1. I'm stuck in steps 2 and 3.

Please let me know if this is not the logic I need to follow when creating a user account that will have FTP access to a web site on the server.

Last edited by imsam; 03-22-2006 at 02:34 AM.
 
Old 03-22-2006, 04:56 AM   #2
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,591

Rep: Reputation: 79
2/ Which ftp server are you using? For proftpd, read this :http://www.proftpd.org/localsite/Use...ed/chroot.html ; Usually make the directory of the web site the home of the user in /etc/passwd.
3/ The command is chmod. man chmod for more info.

Last edited by Agrouf; 03-22-2006 at 05:02 AM.
 
Old 03-22-2006, 05:14 PM   #3
chr15t0
Member
 
Registered: Jun 2002
Location: London
Distribution: Slackware
Posts: 201

Rep: Reputation: 30
use vsftp - it's the most secure ftp you can find and it's easy to configure as you need.. I've used WuFTP and ProFtp and would definitely recommend vsftp over the others.


christo
 
Old 03-22-2006, 08:51 PM   #4
imsam
Member
 
Registered: Dec 2003
Posts: 64

Original Poster
Rep: Reputation: 15
Don't get it

I just don't understand why people answer what they want to answer and not the question being asked????
 
Old 03-22-2006, 10:23 PM   #5
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
Quote:
Please let me know if this is not the logic I need to follow when creating a user account that will have FTP access to a web site on the server
The guys who responded to you were pointing you in the right direction. You are integrating the functions of 2 daemons/processes on your box. You want to give a new user ftp access to the machine, and also the ftp access should be to their website. This can be done any number of ways. Your logic isn't wrong necessarily, but you are stuck in getting things put together. The 2 simplest ways to get this to work would be to configure apache to use the home directory of the ftp user as the location for the root of the corresponding website. That is not enabled by deafault. Peeking through the apache.conf file should hunt the relavent options down. Once that is done, you should lock the user into their home directory through the ftp program. I whole heartedly agree that vsftp is the best ftp server, and suggest its use. Another option would be to make the users home directory be something like /var/www/(sitename), and then you would just have to play with the ownership of each of those directories so the user can upload files, but also make sure what is uploaded is visable through apache.

Since you didn't tell us how you are going about this task (users with normal home directories (/home/user?) or /var/www, and you also didn't mention what ftp server you are running, we are left with an incomplete picture of how you are accomplishing things. We need to know how you want to go about doing things, so we can help. For the most part, it is all in the way you configure the ftp server, and then the way you set apache to deal with the relative home directory. Since you gave no information about either of those points, we somewhat filled in the blanks with suggestions.

Write back with the info I asked for, and we can help you beyond making very generalized suggestions.

Peace,
JimBass
 
Old 03-23-2006, 09:13 AM   #6
imsam
Member
 
Registered: Dec 2003
Posts: 64

Original Poster
Rep: Reputation: 15
Specifics

Jim,

Thanks for your response. I was getting frustrated w/ "recommendations" but I didn't have the basic answers.

I'm using vsftpd and want to continue to use it.

Doesn't it make more sense for me to setup the site in /var/www/web_site and give specific local users access to that directory? This way if a web site has multiple webmasters, local users can still have their local directories.

If it's not too much trouble though, I'd appreciate it if you could give me the solution for both approaches i.e. setting the web site under /home/user as well as giving local users ftp read/write access to /var/www/web_site

Again, thanks for your help and sorry about venting out of frustration.
 
Old 03-23-2006, 11:19 PM   #7
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
No problem man. I know all about being frustrated at something not working. Here are the relavent sections of the vsftpd.conf file:

Code:
local_enable=YES
chroot_local_user=YES
That will lock ftp users into their home directory, whatever that is set as. When I ftp into a box with that config, and try to execute something like cd .. or cd /, I can't get anwhere but /home/jim, or a subdirectory thereof.

It is fine to have the sites be in /var/www/web_site, but then if you use the chroot_local_user option in vsftp, you HAVE to make the user's home directory be /var/www/web_site, as they will be locked into their home directory. Doing this means you'll have to be doubly careful with permissions. You will probably make the /var/www/web_site owned by the user of it, and will mainly need to watch out on permissions of things like cgi scripts within the site. If it is just simple html with nothing but displayed info it won't be much work at all, but the more functionality you have on the sites the more work may come into getting it running correctly, as the apache user (www-data by default) will also need to be able to read and execute in many places, and you don't want the permissions too wide open, or somenbody that finds an exploit can have a field day with your box.

It doesn't seem to me that either way I mentioned of doing it has an advantage over another. The users don't have to be people. You couldmake crappysite.org a user, with home directory of /home/crappysite.org, and then all the crappysite.org webmins get access to the home directory. Really seems to be 6 of one, half dozen of another.

If you were to put the sites in /home/user, the part of the /etc/apache2/apache2.conf that needs to be uncommented is this:
Code:
# UserDir is now a module
#UserDir public_html
#UserDir disabled root

#<Directory /home/*/public_html>
#       AllowOverride FileInfo AuthConfig Limit
#       Options Indexes SymLinksIfOwnerMatch IncludesNoExec
#</Directory>
You would pull all of the hashes out so they become used. That would obviously make the location /home/*/public_html a live site.

Good luck with everything, and post back if you hit problems you can't solve.

Peace,
JimBass
 
Old 03-24-2006, 02:47 PM   #8
imsam
Member
 
Registered: Dec 2003
Posts: 64

Original Poster
Rep: Reputation: 15
Still stuck

I set the web site's home directory to public_html within my directory i.e. /home/sam/public_html
I set the access privileges to 744 so that I the owner have full rights and public has read only right to the /home/sam/public_html folder. When I run ls -l, this is what I'm getting:
drwxr--r-- 2 sam root 4096 Mar 24 13:28 public_html

I'm getting the following error trying to access the web site:
Forbidden
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

When I try to ftp into the site, it takes me into a folder I think is the default FTP folder. There's a folder in there called PUB.

I don't get it. In the httpd.conf file, I set the settings to point the web site to /home/sam/public_html

I'd appreciate another push bere. Thanks.
 
Old 03-24-2006, 06:16 PM   #9
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
Several things to check out. First and foremost, don't go windows style and do things as root that aren't necessary. The file you pointed to has root listed as the group. That isn't causing it not to appear, but again, only become root when absolutely necessary.

Check the permissions within /home. It is quite possible that /home/sam has 700 permissions, making it invisible. Since you changed your mind and put the files in home rather than /var/www, you need to have all the directories above be visable.

Another thing to do is to look in /var/log/apache/error.log and see what is happening. The great thing of *nix is the excellent logs. You can look in there and see what is happening.

Yes, if you are getting to ftp/pub, then you don't have the chroot option enabled I mentioned. You would either need to move the website root to ftp/pub/whatever or get the chroot happening.

Peace,
JimBass
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Setting User and Access Permissions crunchyuncle Linux - Newbie 7 03-19-2006 12:16 AM
setting up ssh with ftp access Digital Surgeon Linux - Networking 2 12-21-2005 09:14 PM
I lose ftp access when I disable shell access for user captainObvious Linux - General 3 11-13-2004 06:49 PM
need help setting up ftp user accounts and directory structures aikym1 Linux - Newbie 4 07-19-2004 04:17 PM
setting up ftp and remote access Bashkir Linux - General 0 03-27-2001 11:22 PM


All times are GMT -5. The time now is 02:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration