www-data
Hi all
I know this question has come up so many time's any one care to point me to a fix to get this issue fixed, I've reinstalled my system ( Ubuntu 9.10 command line server ) server is next to me on the floor, I use another PC Ubuntu desktop 9.10 to gain access I have installed a LAMP server with vsftpd, ssh, imagemagick, php5-gd, I'm planning on running on this server Joomla, Wordpress, Gallery, webmin the only user that has been added is the admin user when you frist install the system, and sudo has not yet been changed, I use sudo for access to root as in sudo apt-get update All i want to do is use a FTP program like gFTP or a win app on wine called winscp to upload files to /var/www to be able to run my site So is there any fix to this problem that alot of people seem to be having I would love to know |
Create a webdev user on the server; use scp (part of ssh pkg) to txmit files from the client to the server on that user eg
client:/home> scp file webdev@server:/home If you add webdev user to the same group as the owner of var/www/ eg apache then add group write access to that dir path, the webdev user will be able to copy from his home dir to the /var/www. In fact, you should be able to scp direct from the client system to that dir as webdev user. Don't know if Ubuntu has SELinux service; if so you may(?) have to change the context as well, but let's try the above first. |
You have apache installed.
Why not make use of that fact and change the directory for the web root. (default site) As admin, create directories in admins home directory like the following www www/html www/cgi-bin Make sure they all have permissions of 755 edit /etc/httpd/conf/httpd.conf as root find the line Code:
DocumentRoot "/var/www" Code:
DocumentRoot "/home/admin/www/html" Code:
<Directory "/var/www"> Code:
<Directory "/home/admin/www/html"> If you want to run cgi scripts go down until you find Code:
ScriptAlias Code:
ScriptAlias /cgi-bin/ "/home/admin/www/cgi-bin/" Code:
<Directory "/home/admin/www/cgi-bin"> When you've done all those lines, save the file and restart apache. You can now login over ftp using admin as the user name and whatever admins password is. It doesn't have to be admin. It can be any user you want to create for the purpose. Just replace admin with the correct user name in the above instructions. If you want to access the web server by another domain name (separate site) then you have to add a virtual host to httpd.conf with that domain name. There are examples in the file. The default site is the one that will come up if you don't specify a virtual site. Technically, every user on the server could have their own web site and domain names. |
Thanks smoker
I don't use cgi myself in fact I never have, I do have subdomains so that wont change any thing will it when i add them in. Thanks for the tip, that sounds alot easier to do. TT ( karl ) |
sub domains can be done as virtual hosts.
Example virtual host section in httpd.conf Code:
<VirtualHost *:80> |
Quote:
Code:
/etc/httpd/conf/httpd.conf Code:
/etc/apache2 Code:
/etc/apache2/sites-enabled/000-default Code:
/etc/apache2/sites-available/default Code:
/etc/apache2/sites-available/default-ssl TT ( karl ) |
Quote:
TT ( karl ) |
Smoker, it did work, but I now have lost awstats and webalizer as well, I know you have tried to help, but I would rather try and get my user to upload to the original path instead ( /var/www )
TT ( karl ) |
webdev; just a generic made up name for a web development user ie you...
Actually, an acl would be more secure; no need to allow the group to write to those dirs: Code:
setfacl -m d:u:youruser:rw /var/www |
I see
I've reset apache2 back to /var/www the group that has that path is www-data and its group is www-data going by details in webmin My only user which is admin, EG: my nick has the same group as the nick EG: tommytomato I've tried before to add tommytomato to the www-data group and I wasn't able to write to the directory and tommytomato home directory is /home/username TT ( karl ) |
Basically, apache installs as someuser:somegroup. This varies on different distros and I don't have Ubuntu.
If you go from a fresh install of apache, you can do ls -l /var/www to see what the default ownership & group is. As I said, no need to allow apache to write to those dirs (for security). Add an acl to allow your user to write there. If you cat /etc/passwd you can see current registered users info. |
/var/www is owner by root and its group is root too from I can see
Code:
ls -l /var/www Quote:
TT ( karl ) |
Post #30 on that page shows how to setup the partition for acls; except use the acl format of mine above. It ensures that all files/dirs get acl set (d = default). Read that man page link of mine first.
See also http://rute.2038bug.com/index.html.gz http://www.linuxtopia.org/online_boo...ion/index.html - RHEL, but concepts are same as are most cli cmds. |
I read that stuff and It don't make alot of sence right now, but I gave it a shot.
I edited the file sudo vim /etc/fstab and I added acl to the line Code:
UUID=00a855d6-4164-4d31-8f8f-9920870dc190 / ext4 errors=remount-ro,acl 0 1 Code:
sudo mount -o remount,acl / Code:
sudo setfacl -m d:u:tommytomato:rw /var/www TT ( karl ) |
Are you sure that SELinux is disabled for vsftpd?
|
I'll have a look at the vsftpd.conf file now
TT ( karl ) |
See if write option is enabled or not, look for this entry:
Quote:
|
Quote:
I read that the path is Code:
/etc/selinux/config Code:
selinux: |
To view selinux is enabled or not, run this command:
Quote:
|
Quote:
Code:
sestatus vsftpd is like so Code:
# Example config file /etc/vsftpd.conf How do I undo what I did before Code:
sudo setfacl -m d:u:tommytomato:rw /var/www I found vid about acl's Here's what I've learnt to create a new group Code:
sudo groupadd menewgroup Code:
sudo useradd -Gmenewgroup newuser Code:
sudo passwd newuser then mount Code:
sudo mount -o remount / Code:
sudo setfacl -Rdm g:menewgroup:rwx var/www I'm still lost but I'm giving it ago and trying to under stand it TT ( karl ) |
I can see this line in vsftpd.conf:
Quote:
You can see the effective acl in the folder with the following command: Quote:
Quote:
|
Cheers for that
So does one need to install SELinux for this to happen does what I've learnt make any sense, I haven't actually done it yet, I write it all down on paper to try understand it better first then hit the command line, I'm trying to keep the system as clean as possible with installing to many programs TT ( karl ) |
No, you don't need selinx to make it work.
By the way, which is the error gftp is throwing when you are trying to upload? There should be an error no, like 553 or 550. |
Its a 533 Sayan
TT ( karl ) |
Quote:
TT ( karl ) |
when running this command
Code:
#sudo setfacl -x u:username /var/www Code:
tommytomato@rockinghamgateway:~$ sudo setfacl -x u:tommytomato /var/www |
As you have created the acl with d: its still there with the default option, use this instead:
Quote:
|
Quote:
so the d stands for default ? TT ( karl ) |
Well I dont know whats going on at all, I did what I learnt, it did even create its home directory the new user is not able to login via FTP at all
comes up with a 500 error TT ( karl ) |
Can you please post the permissions of /var/www directory?
Here is the permissions assigned to the directory of my system which is used by user h11 to upload files with gftp: Quote:
Its working fine in my system, see if you can get some ideas from this. |
I'm not sure but is the sudo command not working, it created the group and user using sudo, or should I sudo passwd and try that way ?
TT ( karl ) |
Quote:
Code:
tommytomato@rockinghamgateway:/var/www$ ls -l TT ( karl ) |
drwxr-xr-x+ 3 root root 4096 2010-03-19 07:24 www
Here the owner and the group is assigned as root thats why its not letting other users to write on it, change it to ftp, use this command: Quote:
|
Quote:
Quote:
|
I'm out of options right now, I'll look in to it and if I can come up with something I'll let you know.
|
No probs, I haven't installed any thing but what i said about the lamp, only changes I have made are from this post were chatting on, I used to use root all the time when I had the system up and running on Ubuntu 9.04 but we had a bad power hit here at home and it killed by server box, so I got another one and put on Ubuntu 9.10, I undo what I've done and set it back to default with the admin user only..
TT ( karl ) |
All times are GMT -5. The time now is 11:09 AM. |