NGINX, FastCGI PHP with FTP Access, How to set up users/permissions?


First things first, set up separate Unix accounts for each user. Associate those accounts with the FTP server. Although really, you should use Secure FTP via SSH. With newer versions of OpenSSH, you can set up "SFTP-only" accounts that are chrooted into that user's home directory. Bam! Now you have users securely logging into their own home directories with no visibility to the entire file system. Files are written using their own user/group permissions.

Then, you can set up FastCGI to run with individual user permissions. It looks complicated, but there is a tutorial available here: How to setup FastCGI with Individual Permissions

This is probably the best approach (albeit the most complex) if you are trying to set up shared hosting for various users, especially if they are "untrusted" users. In this way, no one will be able to use PHP scripts to mess up each other's files.

If you can live with the fact that a user can maliciously access another user's files, you can continue to let FastCGI run as www-data. Then, when you set up each user's home directory, make the files owned by www-data GROUP. Then, set the switch bit in chmod (i.e. chmod 2770 instead of just 770). This will force newly created files to inherit the www-data group owner and allow FastCGI to read/write them.

Phew! That was long-winded. Let me know how it turns out by posting a comment here!

Author by

mayank

Updated on September 17, 2022
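
A check for the shared-group setup described in the answer above, added here as an example and not part of the original answer. The setgid bit only fixes the group of new files; whether the group also gets write access still depends on the umask the upload ran under, so the audit reports both. The function names `make_shared_dir` and `audit_shared_tree` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.

# make_shared_dir DIR GROUP: group-own DIR and set the setgid bit (2770) so
# entries created inside inherit GROUP. Changing to a group you are not a
# member of requires root.
make_shared_dir() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod 2770 "$1"
}

# audit_shared_tree DIR GROUP: print one finding per line; status 1 if any.
# The body runs in a subshell so its variables do not leak to the caller.
audit_shared_tree() (
    dir=$1
    grp=$2
    findings=$(
        # Directories without setgid: uploads there keep the uploader's group.
        find "$dir" -type d ! -perm -2000 -print | sed 's/^/no-setgid /'
        # Entries that already ended up outside the shared group.
        find "$dir" ! -group "$grp" -print | sed 's/^/wrong-group /'
        # Files the group cannot read and write, e.g. uploaded under umask 022.
        find "$dir" -type f ! -perm -0060 -print | sed 's/^/no-group-rw /'
        # Any permission bit for "other" defeats the intent of mode 770.
        find "$dir" \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print |
            sed 's/^/other-access /'
    )
    [ -z "$findings" ] && exit 0
    printf '%s\n' "$findings"
    exit 1
)

# Stand-alone use: sh audit.sh /path/to/site www-data
if [ "$#" -eq 2 ]; then
    audit_shared_tree "$1" "$2"
fi
```
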

Comments

  • mayank
    mayank over 1 year

    I have been playing around with Ubuntu, NGINX, PHP, etc. recently.

    I want to be able to set up FTP and user(s) ... the problem I am having is that FastCGI PHP runs under www-data (user) but when logged in via FTP via a general user account (farinspace) the files are written using farinspace as owner/group ...

    Currently I am using vsftpd but think pureftp will fit the bill better for auto setting file permissions on upload.

    What is the best way to properly set up FTP, be able to have multiple FTP user accounts and properly/securely set file permissions for the users, while allowing PHP to have full read/write access to the files/directories created by an FTP user?

  • mayank
    mayank about 13 years
    Thanks for the info. What I currently dislike about the pools is that it simply stands around just wasting memory. Really the only thing needed is the ability to run PHP as a different owner per vhost.
  • Colm Troy
    Colm Troy almost 13 years
    Yeah, agreed - at the moment it's a little bit inefficient alright - I'm sure the pool process management logic will evolve in the future to only start when required - hopefully!