ProFTPD Master/Root user can't get into all folders
So, I wanted a master ftp user that could access all the folders for all the users. I did this by creating a second root user. I'm aware of all the security considerations, and if there's a better way to do this than creating a root user I'd really like to know it. That said, my issue is that my new root user is still unable in FTP to access folders owned by other users that aren't world readable. Note that this is ONLY when logging in via ftp. If I log in through SSH I can access all folders without problem and without the need to sudo. So this is a true root user. Does anyone have an idea how I can fix the proftpd configuration to allow my root user access to ALL folders no matter the owner?
Quote:
Does anyone have an idea how I can fix the proftpd configuration to allow my root user access to ALL folders no matter the owner?
I guess my question is why in the world would you want to allow this? Maybe if you give us a bit more on what you're trying to accomplish, we might be able to suggest a better solution.
Quote:
I did this by creating a second root user. I'm aware of all the security considerations
Actually, I doubt you do because since FTP transmits passwords in clear text, you've just opened an ENORMOUS security hole in your machine. Particularly if your SSH access is username/password based.
Quote:
I guess my question is why in the world would you want to allow this? Maybe if you give us a bit more on what you're trying to accomplish, we might be able to suggest a better solution.
Because I run a managed webserver. My company manages all the sites on the server, but to be able to use quota functionality and a number of other things each site has to be its own virtual host. However, we want to be able to manage these sites with a single FTP login instead of having to use a separate login for each VH.
Quote:
Actually, I doubt you do because since FTP transmits passwords in clear text, you've just opened an ENORMOUS security hole in your machine. Particularly if your SSH access is username/password based.
As I understand it, if I go through an SSH tunnel this shouldn't be a problem.
Quote:
As I understand it, if I go through an SSH tunnel this shouldn't be a problem.
You want to run FTP through an SSH tunnel? Yeah, that should work, but managing the ports will be kind of a pain.
Quote:
However, we want to be able to manage these sites with a single FTP login instead of having to use a separate login for each VH.
So rather than creating a new root user, why don't you put all the site users in their own group (say, httpusers) and make their directories read/writable by that group? That would avoid the security problems of allowing a root login.
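The group-based alternative suggested in the last reply, sketched as an added example that is not part of the original thread. It assumes GNU `find` and `stat`, the group name `httpusers` from the reply, and hypothetical site paths under `/var/www`.

```shell
#!/bin/sh
# Added example: manage every site tree through one shared group
# instead of a second root account.
# Usage (as root; paths are hypothetical):
#   sh share_sites.sh httpusers /var/www/site1 /var/www/site2

# apply_group_access GROUP DIR...
# GROUP may be a group name or a numeric gid.
apply_group_access() {
    group=$1; shift
    for site in "$@"; do
        # Hand the whole tree to the management group.
        chgrp -R "$group" "$site" || return 1
        # Group read/write on everything; X adds traversal on directories only.
        chmod -R g+rwX "$site" || return 1
        # setgid on directories so new uploads inherit the group.
        find "$site" -type d -exec chmod g+s {} + || return 1
    done
}

# audit_group_access GROUP DIR...
# Prints each directory the group cannot fully manage (wrong group, or
# group bits other than rws) and returns 1 if any were found.
audit_group_access() {
    group=$1; shift
    # Columns: group name, gid, symbolic mode (e.g. drwxrws---), path.
    out=$(find "$@" -type d -exec stat -c '%G %g %A %n' {} + |
          awk -v g="$group" \
              '($1 != g && $2 != g) || substr($3, 5, 3) != "rws"')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Run only when called with a group and at least one directory.
if [ "$#" -ge 2 ]; then
    apply_group_access "$@" && audit_group_access "$@"
fi
```

Files uploaded later stay group-writable only if the FTP daemon's umask permits it; in ProFTPD that is the `Umask` directive (for example `Umask 002`).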