Giving FTP User Web Root Directory Access
 

This is my first post so please bear with me as I am also new to Linux. I hope that I posted this thread under the right section.

First, what I am trying to do. I am creating a web server using a minimal install of CentOS 6.6. I have all of that up and running. But I would like to set up the server so that when an FTP user logs in they go directly to the web root directory.

I have set up the ftp server using vsftpd, I was able to create a user with the home directory /home/ftp-docs. I set up permissions to allow said user to log in and read/write/execute to that directory. That all went well and I was able to use filezilla on a remote computer to login and add/remove a test file. As I mentioned before I am new to Linux so I used online tutorials to help me along the way.

Then, I tried to create a user [josh] with the home directory the same as the web directory (ex. /var/www/domain.com). I can use the remote filezilla to log in to the server, but I cannot add/remove files or even see the files already located in the directory. When I try to add a file filezilla returns the response

Response: 553 Could not create file
Error: Critical file transfer error

I have seen this error before in the past, which was quickly resolved by changing user permissions. But this time it’s not working.

I changed the permissions of the directory:

chown –R josh /var/www/domain.com

and

chmod 777 /var/www/domain.com.

I understand that a chmod of 777 is probably not recommended for the web root for a server, but I used 777 to try and remove any restrictions. The server has a private ip and isn’t live so I am not concerned with hackers at the moment. I double checked the permissions using ls –l and verified that the user had read/write/execute permissions.

I think the issue is caused by permissions but I can’t seem to figure out what I am missing. I even tried using chmod on different directories (ex. /var and /var/www). Another thought I had is that the issue lies within the ftp service itself. Maybe the service is missing a command for the /var/www/domain.com directory. So I checked the vsftpd.conf file to see if I noticed anything but nothing sticks out.

Below is a list of all the settings uncommented in the vsftpd.conf file (shortened for brevity).

anonymous_enable=no
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=NO
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

I’m not sure if this is a typical issue, maybe I need to just reinstall and start from scratch. I am hoping someone can provide some helpful insight to my situation. I am sure there is a simple solution, but I am growing weary of scrounging for the answer, which is typically what I do.

I have read up on permissions online, so I know what the numbers in the chmod command represent. But I have another question about permissions. I will use my situation as an example. If I give a user a home directory of /var/www/domain.com and I also give the user permissions to read and write to that directory, do I have to set up similar permissions for the /var and /www directory that the /domain.com directory is located in to sort of set up a path. Or is giving the user permission for the specific directory /var/www/domain.com adequate? Everything I have read explains how to set up permissions but usually it’s for a directory located in /home (ex. /home/ftp-docs).

Thank you for taking the time to read my thread. Any comments, suggestions, and constructive criticism is welcomed!

Hello,

Forgive me if I have missed something as I have quickly read your post. Personally I would:

1. Reset the permissions of the web root folder back to what they were.
2. Upload all web pages to the original location /home/ftp-docs
3. Set a cron job to automatically copy / transfer all /home/ftp-docs to the web root folder at a specific time - preferably as late in the day as possible - this gives you time to make amendments to the transferred files if any errors are discovered before they are made live / visible to your target audience)

Changing the permissions on the web root folder opens up a potential can of worms in terms of hackers dropping and then executing malicious scripts on the web server (when you do eventually open it up to your target audience).

Regards,

Rawcous

I will try what you recommended
 

Thank You for the quick reply rawcous!

I messed something up and am no longer able to gain access to the server via ssh. I doubled checked the ssh_config file and iptables but everything looks normal. I think I messed it up when I was screwing around with permissions.

So I am going to do a complete reinstall of the server. I was planning on doing this anyways, but I was hoping to have all my issues fixed before doing so.

With the new install all the permissions will be reset so that takes care of #1. After I install the services and get the server back up and running I will start on creating a cron job to transfer the files as you mentioned.

Once that is done I will update this thread.

Thank You again, your advice is greatly appreciated!

The cron job did the trick!

I created a cron job to run rsync. Which copies the files from /home/ftp-docs to /var/www/domain.com.

I first set it up with a specific time so I could make sure the cron worked correctly. After I verified that the files were copied over I reset the cron job to run at midnight.

Once again Thank You for your reply. I am still learning the fun world of permissions and what not to do but you (rawcous) saved me numerous hours of banging my head against the wall!

Thanks!