FTP and Apache permission issues

linux apache-2.2 ftp file-permissions
20,311

Solution 1

This is what groups are for.

You can add the ftp user to the apache group, and vice-versa. Or, even better, you could add them to a third group that you create specifically for this purpose.

e.g.

# groupadd mygroup
# useradd -G mygroup ftp
# useradd -G mygroup apache
# chown -R :mygroup /var/www
# chmod -R g+rw /var/www

Those commands do the following:

  1. Creates new group 'mygroup'
  2. Adds ftp user to mygroup
  3. Adds apache user to mygroup
  4. Recursively grants group ownership to contents of /var/www/ to mygroup
  5. Recursively grants group read & write perms to contents of /var/www/

You just need to make sure that files added in the future belong to the 'mygroup' group and have the appropriate permissions for both apache and ftp to read/write them.

Solution 2

Most of your content should be owned by a user other than apache. Assuming your use FTP to update your content, you can set all the files to be owned by ftp:apache. I would suggest using SCP for SFTP instead of ftp. Files should have permissions 644 or 640 and directories permissions 755 or 750.

For files and directories the application needs to write to add group write access.

Share:
20,311

Related videos on Youtube

ray
Author by

ray

Updated on September 17, 2022

Comments

  • ray
    ray over 1 year

    Im having issues as to which user should own my www directory - ftp or apache? When set to the ftp user, the user can add, remoe and easily modify files but php file system actions generate permission denied errors (ofcourse because they require the user to be apache). If however, the www directory is chown to apache, the ftpuser wont be able to perform some actions like file modification and deletion. Any one ever encountered similar issue? What's the fix? Thanks

  • cpl593x
    cpl593x over 13 years
    Combining "find /var/www -type d -print0 | xargs -0 chmod g+s /var/www" with a umask of 002 will ensure that new files and directories in /var/www inherit the appropriate group and permissions for the group to have r/w access. Many Linux distributions now default to a umask of 002 (the same ones that default to creating a new group for every new user)
  • user9517
    user9517 over 12 years
    PHP safe mode is there for a reason. Turning it off isn't a good idea at all.
  • nick
    nick over 8 years
    Lines 2 and 3 won't work if the users already exist (on CentOS 7). In this case use usermod e.g. usermod -G mygroup ftp
  • GTodorov
    GTodorov almost 8 years
    Simple, self-explanatory, understandable! Perfect! Thanks, @hobodave!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Ubuntu - FTP file edit permission denied
How can I set the default permissions mode on files uploaded via FTP to 775?
VSFTPD Config for Upload of Files
Enable apache to fopen/write in a directory?
How to change ftp path?
Owner of uploads directory is `www-data` but this prevents FTP access via PHP scripts
What's the best way of handling permissions for Apache 2's user www-data in /var/www?
Using wget to download select directories from ftp server
FTP command to List only directories. Impossible?
Samba file sharing on Ubuntu doesn't mask or force permissions for new files