Home / server / Questions / 188966
Accepted
Mathnode
Asked: 2010-10-09 02:28:08 +0800 CST

Let users write to /var/www via ftp on debian running vsftpd

  • 772

One of our dev boxes runs debian and VSFTPD, and I would like to allow a few select users to write to /var/www/testsite and its sub directories.

They can browse to /var/www via a symlink in their home directories, but they can't write. It doesn't matter if it's using FTP or SFTP.

Any ideas? I find this problem difficult to google.

linux ftp vsftpd sftp

2 Answers

  1. Best Answer

    What are your permissions on /var/www/ and /var/www/testsite/ ?

    My suggestion is to give /var/www/testsite/ a group such as testsiteGroup, make sure /var/www/testsite has rw permissions for group and then add the users to group testsiteGroup.

    chgrp -R testsiteGroup /var/www/testsite/ 
chmod g+w /var/www/testsite/ 
usermod -a -G testsiteGroup # this wil be done for each user, and the -a is critical 
                            # the -a appends group to users groups, without -a you will
                            # be replacing the users groups with the one listed
    • 3

  2. If you use full authentication through SFTP (you should, for accounting) then vsftpd will use user's permissions to modify files.

    Because of this there are two solutions:

    • add users to group under which the web server is running (usually www-data or www)
    • use ACLs and add default ACLs to directories in /var/www, this is much more fine-grained, but the partition needs to be mounted with acl flag

    If you use anonymous access or FTP (which is by nature insecure), I'd strongly suggest going the second route.

    • 1