I am installing a proftpd server on a Debian dedicated server, in order to be able to update some website files in this folder: /var/www/website

I have added a new user: my-ftp-user. This user's root is /var/www/website, but the owner HAS TO be apache2 (www-data).

So I changed the user's groups:

usermod -a -G ftpuser my-ftp-user
usermod -a -G www-data my-ftp-user

The permissions of folder /var/www/website are currently 755. The subfolders are also in 755 mode, but the subfiles are in 644 mode.

If I am right, my-ftp-user should now be able to add, edit, and remove files in /var/www/website, shouldn't it?

$ su my-ftp-user

$ cd /var/www/website

$ ls -la

drwxr-xr-x  5 www-data www-data  4096 juil. 30 13:47 .
drwxr-xr-x 22 root   www-data  4096 juil. 30 13:36 ..
-rw-r--r--  1 www-data www-data   418 juil. 28 18:39 index.php

$ cat index.php # WORKS

$ touch test.txt # DOESN'T WORK: permission denied, why?

  • What is the group that owns /var/www/website? Commented Jul 30, 2014 at 12:05
  • The apache group www-data Commented Jul 30, 2014 at 12:13

1 Answer

1

The reason for EPERM (the permission denied error) is here:

drwxr-xr-x  5 www-data www-data  4096 juil. 30 13:47 .

The directory where you are trying to create a file (in other words change contents of the directory-file) is writeable only for user www-data, which you are not.

Either mark the directory as writeable for the group, change the user to www-data (or change the owner to my-ftp-user) or (probably the best solution) use extended ACLs with the setfacl command.

  • Okay, so I guess I have to change the rights to 774 or something? Is there any way to make a difference between folders and files with chmod? For instance, to change the permissions to 775 for folders and 664 for files? Commented Jul 30, 2014 at 12:14
  • Files usually don't have the execution bit set - that is intended for executables only. For directories the executable bit controls whether it is possible to traverse that directory - so it is usually a good idea to set it whenever the read bit is set. Commented Jul 30, 2014 at 12:17
  • As for changing it to 0775: using extended ACLs (if your file system supports them) is better security-wise, since it limits the number of possible writers. You may need to tweak the default ACLs as well, if you need to create directory hierarchies with such user, though. Commented Jul 30, 2014 at 12:22
  • I am not a system admin at the beginning, just a developer, and I do not know anything about the system, so I guess I would not try to manage extended ACLs, even if it seems to be a very good solution; I only had a small need, there will not be more user hierarchies at the moment, so I think "chmod" is enough for my needs. And as there are really few accesses to this private server, I don't feel really concerned about security anyway, I hope I am not wrong... Commented Jul 30, 2014 at 12:32
  • @Flo-Schield-Bobby So that explains it. The group also needs rwx on the website directory. You can grant access to the ftp user using: setfacl -m u:my-ftp-user:rwx /var/www/website. No need for other changes. Commented Jul 30, 2014 at 12:46
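
As an added example (not from the question, the answer or its comments): one way to get the split asked about in the comments, 775 for directories and 664 for files, using find with chmod, plus two checks to confirm the result. The function names and the temporary demo tree are made up for illustration, and the setgid bit on directories is an extra that the thread does not discuss.

```shell
#!/bin/sh
# Added example. The demo tree is constructed under mktemp; on the real
# server the argument would be /var/www/website and the caller root.

# Directories get 2775 (rwxrwsr-x), regular files 664 (rw-rw-r--).
# The leading 2 (setgid) goes beyond the 775 asked about: it makes new
# files inherit the directory's group (www-data) instead of the creating
# user's primary group.
set_web_modes() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    # "{} +" batches paths per chmod call and copes with spaces in names.
    find "$1" -type d -exec chmod 2775 {} +
    find "$1" -type f -exec chmod 664 {} +
}

# Number of entries under $1 whose group still lacks the write bit.
# A directory counted here is one where group members cannot create files.
missing_group_write() {
    find "$1" ! -type l ! -perm -0020 | wc -l
}

# Number of entries writable by "other"; should stay 0 (775, never 777).
world_writable() {
    find "$1" ! -type l -perm -0002 | wc -l
}

# Demo on a constructed tree mirroring the question: dirs 755, files 644.
demo=$(mktemp -d)
mkdir -p "$demo/site/css"
: > "$demo/site/index.php"
chmod 755 "$demo/site" "$demo/site/css"
chmod 644 "$demo/site/index.php"
echo "before: $(missing_group_write "$demo/site") entries lack group write"
set_web_modes "$demo/site"
echo "after:  $(missing_group_write "$demo/site") entries lack group write"
echo "world-writable entries: $(world_writable "$demo/site")"
ls -ld "$demo/site" "$demo/site/index.php"
rm -rf "$demo"
```

Files uploaded later get their mode from the FTP server's umask, so that has to allow group write as well if www-data members are meant to edit them.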
