I'm trying to set up a user in CentOS that can read/write/delete/etc files in the /var/www/html directory. With some help here I got the user able to log on and view files, but now they cannot upload/delete etc.

I created a user 'ftpuser' with a UID/GID of 500, a valid shell /bin/sh and a home directory of /var/www/

I changed the owner of /var/www/html to ftpuser.ftpuser [& tried 0777ing it as well]

That user should be able to read/write/del files in the /var/www/html/ directory.

Here is the ProFTPD config:

ServerName                      "ProFTPD server"
ServerIdent                     on "FTP Server ready."
ServerAdmin                     root@localhost
ServerType                      standalone
DefaultServer                   on
VRootEngine                     on
#DefaultRoot                    ~ !adm
DefaultRoot                     /var/www/
VRootAlias                      /etc/security/pam_env.conf etc/security/pam_env.conf
AuthPAMConfig                   proftpd
AuthOrder                       mod_auth_pam.c* mod_auth_unix.c
#PersistentPasswd               off
UseReverseDNS                   off
User                            nobody
Group                           nobody
MaxInstances                    20
UseSendfile                     off
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"

# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
<Global>
  Umask                         022
  AllowOverwrite                yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

<Directory /var/www>
        AllowOverwrite          yes
        <Limit ALL>
                AllowAll
        </Limit>
</Directory>

<Limit LOGIN>
AllowUser ftpuser
DenyALL
</Limit>

I don't know why this won't work. Does anyone see what I am doing wrong?

Castaglia
Sean Kimball

1 Answer

It sounds like SELinux got in your way here. If you do not want SELinux preventing ftp from writing files anywhere on the system you need to turn on the allow_ftpd_full_access boolean. First of all, check if it's currently enabled or disabled by running:

getsebool allow_ftpd_full_access

If it tells you that it's off, enable it with this command (it can take a minute or so to be applied throughout your system, so be patient):

setsebool -P allow_ftpd_full_access=1

Additionally, because you set the homedir of your user to /var/www, you will also need to set the ftp_home_dir setting to On.

setsebool -P ftp_home_dir=1

When you set the homedir, the user_home_t security context was probably also set on /var/www. Set it to something more public like httpd_sys_content_t or public_content_rw_t. You can use chcon for this.

chcon -R -t httpd_sys_content_t /var/www

Restart your FTP server after applying these settings and you should be good to go.

See this documentation if you'd like some further in-depth information.

Oldskool
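
Before changing booleans or labels, the audit log can confirm that SELinux is what blocks the FTP writes and which label is involved. The script below is an added example, not part of the original answer: it summarises AVC denials for the `ftpd_t` domain. The function names, the sample records and the hint wording are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): summarise SELinux AVC denials
# raised against the FTP daemon domain (ftpd_t) from audit.log-style input.
# Output, tab-separated: count, permission(s), object class, target type, hint.
# The hint mapping is an assumption based on the answer above.

ftpd_avc_summary() {
    awk '
    function field(name,   i, kv) {          # value of key=value token "name"
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == name) return kv[2]
        }
        return ""
    }
    /avc: +denied/ && /scontext=[^ ]*:ftpd_t:/ {
        perm = $0
        sub(/.*[{] */, "", perm); sub(/ *[}].*/, "", perm)
        split(field("tcontext"), ctx, ":")   # user:role:type:level
        seen[perm "\t" field("tclass") "\t" ctx[3]]++
    }
    END {
        for (k in seen) {
            split(k, p, "\t")
            if (p[3] == "user_home_t" || p[3] == "user_home_dir_t")
                hint = "home-dir label: ftp_home_dir boolean or relabel"
            else
                hint = "other label: relabel or allow_ftpd_full_access"
            print seen[k] "\t" k "\t" hint
        }
    }' | sort
}

# Constructed sample records (not taken from a real system).
sample_avc_lines() {
    cat <<'EOF'
type=AVC msg=audit(1300000000.101:41): avc:  denied  { write } for  pid=2101 comm="proftpd" name="html" dev=dm-0 ino=131 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1300000005.220:42): avc:  denied  { write } for  pid=2101 comm="proftpd" name="html" dev=dm-0 ino=131 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1300000009.007:43): avc:  denied  { create } for  pid=2101 comm="proftpd" name="a.txt" scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1300000011.500:44): avc:  denied  { read } for  pid=900 comm="httpd" name="x" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1300000011.500:44): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
EOF
}

sample_avc_lines | ftpd_avc_summary
```

On a live host, feed it the real log as root with `ftpd_avc_summary < /var/log/audit/audit.log`. No output means SELinux logged no denials for the FTP daemon, so the cause lies elsewhere (file ownership, mode, or the ProFTPD configuration).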