Controlling ftp access with vsftpd
If you need write permission for your user account in /var/www/, that user needs to be a member of the apache or www-data group, depending on your operating system.
write_enable=YES
Only use this if you have added a user with the web root directory as its home directory.
allow_writeable_chroot=YES
Brian Gradin
Updated on September 18, 2022
Comments
- Brian Gradin over 1 year
I had vsftpd set up such that I was able to upload files to a VPS I set up. The only problem is that I could not create directories. I set up vsftpd to disallow anonymous users, but allow virtual users to connect with their local credentials. At this point, the error message when I tried to create a folder changed from '550: Create directory failed' (I'm paraphrasing) to '550: Permission denied'. root owns the /var/www folder, and the user with which I was authenticating had read and execute permissions but not write, so it makes sense that I wouldn't be able to create folders or files.
At this point I tried using chown and chmod to recursively change the group ownership to a group that my user was in and give my user write permission. This seemed to work at first - in the SSH session, I was able to cd to /var/www and create a new directory. However, when I tried to log in with my ftp client, I was now denied access.
What's even weirder is when I checked /var/log/vsftpd.log, I see the following lines:
Mon Jan 5 00:03:25 2015 [pid 801] CONNECT: Client "73.53.82.111"
Mon Jan 5 00:03:25 2015 [pid 800] [gradinafrica] OK LOGIN: Client "73.53.82.111"
...even though the login doesn't seem to work. What's going on?
EDIT (more info):
OS: Ubuntu 14.04
Architecture: Virtual private server (?)
When I set up the server, I disallowed logging in as root (as recommended by multiple sources) and set up a different user - 'gradinafrica' - which I added to the sudo group. I'm attempting to use this account for ftp. I haven't worked with sftp at all.
Here's the contents of vsftpd.conf (comments omitted):
listen=YES
anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
anon_upload_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
local_root=/var/www/
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
- Babin Lonston over 9 years: Provide which operating system you are using, version, arch. Did you have a separate user for ftp, sftp?
- Babin Lonston over 9 years: anonymous_enable=NO then why should you have to use anon_upload_enable=YES?
- Brian Gradin over 9 years: Forgot to comment that out. I am, as I mentioned, a complete newb :)
- Brian Gradin over 9 years: A combination of adding 'gradinafrica' to 'www-data' and adding 'allow_writeable_chroot=YES' seems to have worked. Thanks!
- PhoneixS over 8 years: @Infected Root can you explain a little more about allow_writeable_chroot=YES? I searched but I can't find any documentation about it.
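
An added example, not code from any of the posts above: vsftpd refuses a chrooted session when the chroot directory is writable by the logged-in user unless allow_writeable_chroot=YES is set, and this check models how that interacts with write_enable and the directory's permission bits. The config strings, uid/gid numbers and modes are constructed sample values modelled on the thread, and the function and finding names are hypothetical.

```python
import stat

def parse_conf(text):
    """vsftpd.conf is KEY=VALUE per line, '#' comments, no spaces around '='."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def can_write(mode, owner_uid, owner_gid, uid, gids):
    """POSIX permission bits: the first matching class (owner, group, other) decides."""
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def audit(conf_text, root_mode, root_uid, root_gid, uid, gids):
    """Return finding names (hypothetical labels) for one FTP user and its chroot directory."""
    o = parse_conf(conf_text)
    # The options checked through yes() all default to NO when unset.
    yes = lambda k: o.get(k, "NO").upper() == "YES"
    findings = []
    if yes("chroot_local_user") and can_write(root_mode, root_uid, root_gid, uid, gids):
        # Writable chroot root: the session is refused unless the check is switched off.
        findings.append("writable-chroot-allowed" if yes("allow_writeable_chroot")
                        else "login-refused-writable-chroot")
    if not yes("write_enable"):
        findings.append("write-disabled")
    if o.get("anonymous_enable", "").upper() == "NO" and yes("anon_upload_enable"):
        findings.append("anon-upload-has-no-effect")
    return findings

# Constructed samples: FTP user uid 1000 in group 33, /var/www owned by uid 0, gid 33.
POSTED = ("anonymous_enable=NO\nlocal_enable=YES\nanon_upload_enable=YES\n"
          "chroot_local_user=YES\nlocal_root=/var/www/\n")
FIXED = ("anonymous_enable=NO\nlocal_enable=YES\nwrite_enable=YES\n"
         "chroot_local_user=YES\nallow_writeable_chroot=YES\nlocal_root=/var/www/\n")

if __name__ == "__main__":
    print(audit(POSTED, 0o775, 0, 33, 1000, {33}))  # group-writable root, config as posted
    print(audit(FIXED, 0o775, 0, 33, 1000, {33}))   # the combination reported to work
    print(audit(FIXED, 0o755, 0, 33, 1000, {33}))   # root not writable by the FTP user
```

The third call models keeping /var/www itself non-writable for the FTP user and granting write access on a subdirectory instead, in which case allow_writeable_chroot is not needed.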