My web files are located in /var/www/html/example.com/web/
Permissions are:
drwxr-xr-x 20 root root 4096 Aug 13 18:22 var
... same for www and html ...
drwxr-xr-x 4 root root 4096 Aug 13 18:22 example.com
drwxr-xr-x 10 apache root 4096 Aug 13 18:22 web
I have an FTP user "ftpuser" but I don't want them to be able to access any of the files in /var/www/html/
However, if I try chmod o-rx on ANY of the parent level folders, it gives a 403 Forbidden error, even though the user Apache still has RX permissions on web.
How can I stop ftpuser from changing into those directories and reading the files, without blocking access from users visiting through a browser?
Note - the strange thing is I have another server set up similarly, where I simply did chmod o-rx on the example.com folder, and everything remained web accessible.
You have a few options, but what I would do is install suPHP, if my assumption that you're using Apache is correct; if not, I hope my answer gets you on the right path anyway.
It allows you to run PHP scripts as non-web-server users. You can then tell the FTP server to lock users in their $HOME, and move the DocumentRoot into ftpuser's home folder. You haven't mentioned which Linux distribution you're using, but here is a guide for installing in Ubuntu, and here is one for CentOS 6.
The other options involve messing with ftpuser's home folder location, and I'd avoid it for standardisation reasons - suPHP will do the job perfectly, and without messing with your system configuration unduly.
The only important thing to note with suPHP is that the permissions must be 100% correct, or you'll get server errors. I can't post more than 2 links yet, so just Google "fix suphp permissions" and choose the "piyecarane.wordpress.com" page (first link for me currently).
Just set the webserver (apache, www, www-data, whatever it is on your distro) as owner.
(Those commands should give exactly what you asked for. I'm not convinced it is what you want as it denies ftpuser any access at all to any files even remotely related to public serving...)
if you want ftp user to have access to:
/var/www/html/example.com/web/
then run the above commands and then the following:
These are not perfect permissions but they should be close to getting the job done (and you will probably have to grant ftpuser rx on all parent directories of /var/www/html/example.com/web/).
This question is probably better suited for super-user or linux
From your posted permissions, I am guessing you just need to chown -R apache:root the example.com/ directory, then do chmod o-rx to strip access from everyone but the webserver (and root). Your final alternative involves extended attributes (like ntfs permissions).
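The following is an added example, not part of the original question or answers. It shows how the kernel picks one permission class (owner, group or other) per directory, and why removing "other" rx from a root-owned parent locks out both apache and ftpuser. The numeric UIDs/GIDs, the `FakeStat` stand-in and the helper names are assumptions; POSIX ACLs are not modelled.

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result so the sample runs without root.
FakeStat = namedtuple("FakeStat", "st_mode st_uid st_gid")

def class_bits(st, uid, gids):
    """rwx bits (0-7) of the single permission class that applies to the user."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:          # owner class wins, even if it grants less
        return (mode >> 6) & 7
    if st.st_gid in gids:         # then the group class
        return (mode >> 3) & 7
    return mode & 7               # everyone else falls into "other"

def first_blocked(path, uid, gids, stat_fn=os.stat):
    """Return the first directory on path the user cannot traverse, or None."""
    if uid == 0:                  # root bypasses mode bits
        return None
    current = "/"
    for part in filter(None, path.split("/")):
        current = os.path.join(current, part)
        st = stat_fn(current)
        if stat.S_ISDIR(st.st_mode) and not class_bits(st, uid, gids) & 1:
            return current        # missing x (search) bit stops traversal here
    return None

# Constructed sample: the listing from the question. UIDs/GIDs are assumptions.
ROOT, APACHE, FTPUSER = 0, 48, 1001
SITE = "/var/www/html/example.com"
WEB = SITE + "/web"

def layout(site_mode=0o755, site_owner=ROOT):
    """Build a fake stat function; only example.com's mode and owner vary."""
    d = lambda mode, uid: FakeStat(stat.S_IFDIR | mode, uid, ROOT)
    tree = {p: d(0o755, ROOT) for p in ("/var", "/var/www", "/var/www/html")}
    tree[SITE] = d(site_mode, site_owner)
    tree[WEB] = d(0o755, APACHE)
    return tree.__getitem__

if __name__ == "__main__":
    cases = {"as posted": layout(),
             "chmod o-rx, root-owned": layout(0o750),
             "chown apache + chmod o-rx": layout(0o750, APACHE)}
    for name, fn in cases.items():
        for user, uid in (("apache", APACHE), ("ftpuser", FTPUSER)):
            print(name, user, first_blocked(WEB, uid, {uid}, fn))
```

Called without `stat_fn`, `first_blocked` uses `os.stat` and can be pointed at a real path with the UID and group IDs reported by `id apache` or `id ftpuser`.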