2

I'm trying to setup a user in centos that can read/write/delete/etc files in the /var/www/html directory. With some help here I got the user able to log on and view files, but now they cannot upload/delete etc.

I created a user 'ftpuser' with a UID/GID of 500, a valid shell /bin/sh and a home directory of /var/www/

I changed the owner of /var/www/html to ftpuser.ftpuser [& tried 0777ing it as well]

That user should be able to read/write/del files in the /var/www/html/ directory.

here is the proftpd config:

ServerName "ProFTPD server" ServerIdent on "FTP Server ready." ServerAdmin root@localhost ServerType standalone DefaultServer on VRootEngine on #DefaultRoot ~ !adm DefaultRoot /var/www/ VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf AuthPAMConfig proftpd AuthOrder mod_auth_pam.c* mod_auth_unix.c #PersistentPasswd off UseReverseDNS off User nobody Group nobody MaxInstances 20 UseSendfile off LogFormat default "%h %l %u %t \"%r\" %s %b" LogFormat auth "%v [%P] %h %t \"%r\" %s" # Global Config - config common to Server Config and all virtual hosts # See: http://www.proftpd.org/docs/howto/Vhost.html <Global> Umask 022 AllowOverwrite yes <Limit ALL SITE_CHMOD> AllowAll </Limit> </Global> <Directory /var/www> AllowOverwrite yes <Limit ALL> AllowAll </Limit> </Directory> <Limit LOGIN> AllowUser ftpuser DenyALL </Limit>

I don't know why this won't work. Does anyone see what I am doing wrong?

Improve this question

1 Answer 1

Reset to default
1

It sounds like SELinux got in your way here. If you do not want SELinux preventing ftp from writing files anywhere on the system you need to turn on the allow_ftpd_full_access boolean. First of all, check if it's currently enabled or disabled by running:

getsebool allow_ftpd_full_access

If it tells you that it's off, enable it with this command (it can take a minute or so to be applied throughout your system, so be patient):

setsebool -P allow_ftpd_full_access=1

Additionally, because you set the homedir of your user to /var/www, you will also need to set the ftp_home_dir setting to On.

setsebool -P ftp_home_dir=1

When you set the homedir, the user_home_t security context was probably also set on /var/www. Set it to something more public like httpd_sys_content_t or public_content_rw_t. You can use chcon for this.

chcon -R -t httpd_sys_content_t /var/www

Restart your FTP server after applying these settings and you should be good to go.

See this documentation if you'd like some futher in-depth information.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.