0

Our developers WinSCP/Putty and have a dev user on our web-server. The site directory they are working on is owned by apache, that restricts them to overwrite files through FTP/SFTP as dev. I have added the dev user to the apache group, yet it doesn't help. Even though they have root privileges they can't sudo -s through a FTP client. If I log them in with root through WinSCP I don't find an option to only restrict them to that specific directory. How can I solve this issue in a good way?

nicoX
  • 611
  • 9
  • 18
  • 1
    You might want to check wether the Apache group has write permissions to the directory in question. – Markus W Mahlberg Sep 25 '14 at 09:28
  • Also check the config of the FTP server. It may do stuff with ownership that affects this. – Jenny D Sep 25 '14 at 09:28
  • Also, there's the option of using an ACL instead of/in addition to group permissions. See e.g. http://serverfault.com/questions/629620/how-to-make-nginx-to-ignore-file-permissions/629762#629762 – Jenny D Sep 25 '14 at 09:29

1 Answers1

1

It could be that the apache group doesn't have write permission to the folder, check:

ls -l /folder path

if you see something close to rwxr-xr-x, then group only has read+exec on folder, use:

chmod 775 -Rf /path to your folder

in order to recursively add write permissions to folder group, hope this helps!

Set apache as the group owner of the site directory:

chown :apache -R folder/

nicoX
  • 611
  • 9
  • 18
mmokh
  • 88
  • 5
  • My site directories are *drwxr-xr-x* and the site is owned by root. Should I change it to *apache*? – nicoX Sep 25 '14 at 10:38
  • 1
    You can keep owner as root, but change group owner to apache using chown :apache -R /folder. Now you can change group permission as I have mentioned in my answer above. Since your dev user is part of the apache group, user should acquire same permissions as group, which will allow write through FTP/FTPS when connected using dev user. – mmokh Sep 25 '14 at 12:09
  • Note: once you change the group permission, run another ls -l on folder, you should see permissions changed to drwxrwxr-x. – mmokh Sep 25 '14 at 12:16