[opensuse] ftp permissions
Hi I have setup a vsftpd server and it works fine. Users can login and are chroote'd to their home folders. I have allowed myself to break out of the chroot because I want to manage files under /srv/www/htdocs remotely. But I do not have permissions to do anything there. Stuff under htdocs is owned by root:root on the server but ftp'ing in here it's owned by 0:0. How can I give myself permission to the htdocs folder? Thanks. Lynn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Wed, 26 Sep 2007, by lynn@steve-ss.com:
Hi I have setup a vsftpd server and it works fine. Users can login and are chroote'd to their home folders.
I have allowed myself to break out of the chroot because I want to manage files under /srv/www/htdocs remotely. But I do not have permissions to do anything there. Stuff under htdocs is owned by root:root on the server but ftp'ing in here it's owned by 0:0. How can I give myself permission to the htdocs folder?
Make htdocs owned by another user. I've setup an 'ftpadmin' user for this. Let htdocs be the (chrooted) home dir of ftpadmin and logged in as this user you can do what you need. Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 10.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.20 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Theo v. Werkhoven wrote:
Make htdocs owned by another user. I've setup an 'ftpadmin' user for this. Let htdocs be the (chrooted) home dir of ftpadmin and logged in as this user you can do what you need. I didn't follow this entirely. When you created the user, did you just specify that the home dir is /srv/www/htdocs instead of /home/ftpadmin or are you describing something else?
Damon Register -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Thu, 27 Sep 2007, by damon.w.register@lmco.com:
Theo v. Werkhoven wrote:
Make htdocs owned by another user. I've setup an 'ftpadmin' user for this. Let htdocs be the (chrooted) home dir of ftpadmin and logged in as this user you can do what you need. I didn't follow this entirely. When you created the user, did you just specify that the home dir is /srv/www/htdocs instead of /home/ftpadmin or are you describing something else?
The first answer. Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 10.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.20 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 26 September 2007 23:41, Theo v. Werkhoven wrote:
Wed, 26 Sep 2007, by lynn@steve-ss.com:
Hi I have setup a vsftpd server and it works fine. Users can login and are chroote'd to their home folders.
I have allowed myself to break out of the chroot because I want to manage files under /srv/www/htdocs remotely. But I do not have permissions to do anything there. Stuff under htdocs is owned by root:root on the server but ftp'ing in here it's owned by 0:0. How can I give myself permission to the htdocs folder?
Make htdocs owned by another user. I've setup an 'ftpadmin' user for this. Let htdocs be the (chrooted) home dir of ftpadmin and logged in as this user you can do what you need.
Thanks Theo. Just one more question. What group does ftpadmin belong to? Will there be any permission issues if I do that? Will the permissions be preserved? Some need 777, others 666, others 600. Cheers, Lynn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Thu, 27 Sep 2007, by lynn@steve-ss.com:
On Wednesday 26 September 2007 23:41, Theo v. Werkhoven wrote:
Wed, 26 Sep 2007, by lynn@steve-ss.com:
Hi I have setup a vsftpd server and it works fine. Users can login and are chroote'd to their home folders.
I have allowed myself to break out of the chroot because I want to manage files under /srv/www/htdocs remotely. But I do not have permissions to do anything there. Stuff under htdocs is owned by root:root on the server but ftp'ing in here it's owned by 0:0. How can I give myself permission to the htdocs folder?
Make htdocs owned by another user. I've setup an 'ftpadmin' user for this. Let htdocs be the (chrooted) home dir of ftpadmin and logged in as this user you can do what you need.
Thanks Theo. Just one more question. What group does ftpadmin belong to? Will
I'v also setup an 'ftpadmin' group for this user.
there be any permission issues if I do that? Will the permissions be preserved? Some need 777, others 666, others 600.
The vsftpd I admin chowns incoming files (for virtual users) to UID 'virtual', GID 'virtual'. Every 5 mins a script runs on the files to chown them to 'ftpadmin', so this user can move or delete them. The permissions are not changed. $ tree -dug /srv/ftp/ /srv/ftp/ `-- [ftpadmin root ] virtual |-- [ftpadmin virtual ] AAAA | |-- [ftpadmin virtual ] From_Company | `-- [ftpadmin virtual ] To_Company $ getent passwd ftpadmin ftpadmin:x:111:112:FTP admin account:/srv/ftp/virtual/:/bin/bash $ getent group ftpadmin ftpadmin:!:112: Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 10.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.20 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
I'v also setup an 'ftpadmin' group for this user.
there be any permission issues if I do that? Will the permissions be preserved? Some need 777, others 666, others 600.
The vsftpd I admin chowns incoming files (for virtual users) to UID 'virtual', GID 'virtual'. Every 5 mins a script runs on the files to chown them to 'ftpadmin', so this user can move or delete them. The permissions are not changed.
Disaster. I changed htdocs to ftpadmin:ftpadmin. I can now ftp perfectly. Alas, I can now see none of my pages via http. Who owns what? Can't Apache serve from whoever owns htdocs? Any advice? Another weekend at work :-( Cheers, Lynn. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Fri, 28 Sep 2007, by lynn@steve-ss.com:
I'v also setup an 'ftpadmin' group for this user.
there be any permission issues if I do that? Will the permissions be preserved? Some need 777, others 666, others 600.
The vsftpd I admin chowns incoming files (for virtual users) to UID 'virtual', GID 'virtual'. Every 5 mins a script runs on the files to chown them to 'ftpadmin', so this user can move or delete them. The permissions are not changed.
Disaster.
I changed htdocs to ftpadmin:ftpadmin. I can now ftp perfectly. Alas, I can now see none of my pages via http.
The group owner can still be www, as usual. But you also need to make sure that 'others' can read the files, so the directory's permission has to be 755 minimum, and the files 644.
Who owns what? Can't Apache serve from whoever owns htdocs?
Depends on the permission bits, the Apache process owner (wwwrun) has to be able to read the files and, in case of e.g. PHP, to execute. HTH, HANW Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 10.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.20 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Disaster.
I changed htdocs to ftpadmin:ftpadmin. I can now ftp perfectly. Alas, I can now see none of my pages via http.
The group owner can still be www, as usual. But you also need to make sure that 'others' can read the files, so the directory's permission has to be 755 minimum, and the files 644.
Who owns what? Can't Apache serve from whoever owns htdocs?
Depends on the permission bits, the Apache process owner (wwwrun) has to be able to read the files and, in case of e.g. PHP, to execute.
Hi Getting nowhere. I created a user ftpadmin and a group ftpadmin. I made ftpadmin's home folder /srv/www/htdocs everything under /htdocs is owned by ftpadmin:ftpadmin I can now ftp remotely to the /htdocs folder. No problem Having made these changes I can no longer see any web pages. What do I need to do to be able to both ftp and see webpages? Who has to own what? Cheers and thanks for your patience. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
primm wrote:
I created a user ftpadmin and a group ftpadmin. I made ftpadmin's home folder /srv/www/htdocs
everything under /htdocs is owned by ftpadmin:ftpadmin
I can now ftp remotely to the /htdocs folder. No problem
Having made these changes I can no longer see any web pages.
What do I need to do to be able to both ftp and see webpages? Who has to own what?
chgrp -R www /srv/www/htdocs chmod -R g+rx /srv/www/htdocs Joe -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Friday 28 September 2007 22:44, Sloan wrote:
primm wrote:
I created a user ftpadmin and a group ftpadmin. I made ftpadmin's home folder /srv/www/htdocs
everything under /htdocs is owned by ftpadmin:ftpadmin
I can now ftp remotely to the /htdocs folder. No problem
Having made these changes I can no longer see any web pages.
What do I need to do to be able to both ftp and see webpages? Who has to own what?
chgrp -R www /srv/www/htdocs chmod -R g+rx /srv/www/htdocs
Joe
OK. I can now both use ftp and see web pages. Brilliant. Saved me loads time. Just one more question. /srv/www/htdocs is now (user:group) ftpadmin:www Is that correct? Or doesn't it matter. Thanks, Lynn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sat, 29 Sep 2007, by lynn@steve-ss.com:
On Friday 28 September 2007 22:44, Sloan wrote:
primm wrote:
I created a user ftpadmin and a group ftpadmin. I made ftpadmin's home folder /srv/www/htdocs
everything under /htdocs is owned by ftpadmin:ftpadmin
I can now ftp remotely to the /htdocs folder. No problem
Having made these changes I can no longer see any web pages.
What do I need to do to be able to both ftp and see webpages? Who has to own what?
chgrp -R www /srv/www/htdocs chmod -R g+rx /srv/www/htdocs
Joe
OK. I can now both use ftp and see web pages. Brilliant. Saved me loads time.
Just one more question. /srv/www/htdocs is now (user:group) ftpadmin:www
Is that correct? Or doesn't it matter.
It is correct. One observation: for a Linux user and website admin you seem to know very little about the Unix permission schemes. Do yourself (and possible users of your site) a favor, and make yourself familiar with these (and other) basics. Disaster always strikes at the least convenient times, i.e., when no-one can help you but yourself.. Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 10.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.20 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 29 September 2007 15:48, Theo v. Werkhoven wrote:
Sat, 29 Sep 2007, by lynn@steve-ss.com:
On Friday 28 September 2007 22:44, Sloan wrote:
primm wrote:
I created a user ftpadmin and a group ftpadmin. I made ftpadmin's home folder /srv/www/htdocs
everything under /htdocs is owned by ftpadmin:ftpadmin
I can now ftp remotely to the /htdocs folder. No problem
Having made these changes I can no longer see any web pages.
What do I need to do to be able to both ftp and see webpages? Who has to own what?
chgrp -R www /srv/www/htdocs chmod -R g+rx /srv/www/htdocs
Joe
OK. I can now both use ftp and see web pages. Brilliant. Saved me loads time.
Just one more question. /srv/www/htdocs is now (user:group) ftpadmin:www
Is that correct? Or doesn't it matter.
It is correct. One observation: for a Linux user and website admin you seem to know very little about the Unix permission schemes. Do yourself (and possible users of your site) a favor, and make yourself familiar with these (and other) basics. Disaster always strikes at the least convenient times, i.e., when no-one can help you but yourself..
Theo
Thanks. It's good advice. I must admit to using out of the box applications and expecting them to just work. Usually they do. I suppose if I bought the windows server I'd get 24/7 support. Maybe that's what I should be looking at in my situation. I have however learned a lot from this experience, especially from the (free) advice given here. So I'm going to continue with my Linux setup until I understand enough not to have to trouble the list. I wish to thank everyone for their contributions in helping me solve this problem and I hope that I have not wasted your time on something trivial. Thanks again. Lynn. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
primm wrote:
Thanks. It's good advice. I must admit to using out of the box applications and expecting them to just work. Usually they do. I suppose if I bought the windows server I'd get 24/7 support.
If you bought linux server you'd get 24/7 support as well.
Maybe that's what I should be looking at in my situation.
How would downgrading to windoze help? If you want paid support, it's available with SLES or other linux distros. I work in a shop where the managers would love to see an all windoze shop, but the reality is they need unix in the server room because windoze doesn't "just work" in quite a few situations - and support doesn't help. The only solution found thus far is to let unix/linux handle those tasks.
I have however learned a lot from this experience, especially from the (free) advice given here. So I'm going to continue with my Linux setup until I understand enough not to have to trouble the list. I wish to thank everyone for their contributions in helping me solve this problem and I hope that I have not wasted your time on something trivial.
Everyone has to start somewhere, so please don't feel bad about asking for help. Just pass it on someday when the shoe is on the other foot. Joe -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 29 September 2007 19:56, joe wrote:
primm wrote:
Thanks. It's good advice. I must admit to using out of the box applications and expecting them to just work. Usually they do. I suppose if I bought the windows server I'd get 24/7 support.
If you bought linux server you'd get 24/7 support as well.
Maybe that's what I should be looking at in my situation.
How would downgrading to windoze help? If you want paid support, it's available with SLES or other linux distros. I work in a shop where the managers would love to see an all windoze shop, but the reality is they need unix in the server room because windoze doesn't "just work" in quite a few situations - and support doesn't help. The only solution found thus far is to let unix/linux handle those tasks.
I have however learned a lot from this experience, especially from the (free) advice given here. So I'm going to continue with my Linux setup until I understand enough not to have to trouble the list. I wish to thank everyone for their contributions in helping me solve this problem and I hope that I have not wasted your time on something trivial.
Everyone has to start somewhere, so please don't feel bad about asking for help. Just pass it on someday when the shoe is on the other foot.
Joe
Hi and thanks Joe. You give me new hope. I run a photo studio here in Alicante and have precious little time to sort out computer matters. Fact is, since I put up a website our client base has grown a lot. It's a steep learning curve from point and click XP to firewall, port, Apache, ftp, ssh, MySQL, php, 3306, 80, the cli, the Linux permission system. . . for over 3 months we have had not one virus take us down. It just works without having to reinstall so frequently. I got the impression I was wasting the time of people on the list. In fact, looking back at my question it was not as trivial as it sounds as I also wanted to preserve the integrity of our system as we serve the web pages from our own PC's. I'm a secretary who left xp to install a proper server. Another doubt I had was as to whether this list was also for people using opensuse commercially. Maybe I'm breaking the law making money indirectly from opensuse. I don't mind paying for support but the advice here is all I need. I am new to the list having taken over the e-mail from my previous incumbent. If the list is simply for hobbyists then could you please point me in the right direction elsewhere. I looked at the opensuse list details but there is no mention as to it's use. Love and kisses from Lynn. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 29 September 2007 19:25:30 primm wrote:
On Saturday 29 September 2007 19:56, joe wrote:
Everyone has to start somewhere, so please don't feel bad about asking for help. Just pass it on someday when the shoe is on the other foot.
Joe
Hi and thanks Joe. You give me new hope.
Another doubt I had was as to whether this list was also for people using opensuse commercially. Maybe I'm breaking the law making money indirectly from opensuse. I don't mind paying for support but the advice here is all I need.
I am new to the list having taken over the e-mail from my previous incumbent. If the list is simply for hobbyists then could you please point me in the right direction elsewhere. I looked at the opensuse list details but there is no mention as to it's use.
Love and kisses from Lynn.
Don't worry about using opensuse 10.2 for any purpose, even commercially. Many, many people use Linux(s) from many different distributors for home, small business, large enterprise and many other uses. Some businesses want the comfort factor of using SLES, complete with its backup from Novell, but there's no absolute need. Keep on doing as you're doing and you'll be fine. :) Cheers Pete -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
primm wrote:
I got the impression I was wasting the time of people on the list. In fact, looking back at my question it was not as trivial as it sounds as I also wanted to preserve the integrity of our system as we serve the web pages from our own PC's. I'm a secretary who left xp to install a proper server.
Another doubt I had was as to whether this list was also for people using opensuse commercially. Maybe I'm breaking the law making money indirectly from opensuse. I don't mind paying for support but the advice here is all I need.
I am new to the list having taken over the e-mail from my previous incumbent. If the list is simply for hobbyists then could you please point me in the right direction elsewhere. I looked at the opensuse list details but there is no mention as to it's use.
No fear, you're not wasting anyone's time, your questions are just the sort of thing this list is for. In fact, you're to be congratulated IMHO for stepping up as you have. As far as the commercial/personal split, there really is none. Linux is always free, but to get commercial support you have to pay some vendor. It all depends on how much support and what kind of support you want or need. I do sys admin work for $large_company during the day, and consult for small and medium businesses outside those hours. $large_company uses SLES servers in the data center, because they want that 24/7 support, and the legal indemnification which is available to enterprise customers from Novell. Of my consulting clients, most of them run opensuse, and one runs SLES. In my own office at home, I run all opensuse servers and desktops, but SLED on my laptop since there's no rule against using SLED for personal use, just as there's no rule against using opensuse for business purposes. Joe -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
primm wrote:
On Friday 28 September 2007 22:44, Sloan wrote:
primm wrote:
I created a user ftpadmin and a group ftpadmin. I made ftpadmin's home folder /srv/www/htdocs
everything under /htdocs is owned by ftpadmin:ftpadmin
I can now ftp remotely to the /htdocs folder. No problem
Having made these changes I can no longer see any web pages.
What do I need to do to be able to both ftp and see webpages? Who has to own what? chgrp -R www /srv/www/htdocs chmod -R g+rx /srv/www/htdocs
Joe
OK. I can now both use ftp and see web pages. Brilliant. Saved me loads time.
Just one more question. /srv/www/htdocs is now (user:group) ftpadmin:www
Is that correct? Or doesn't it matter.
That is indeed the setup I recommend for your situation - there may be other configurations that may seem to work, but this is the most straightforward approach that comes to mind. Joe -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (6)
-
Damon Register -
joe -
Pete Connolly -
primm -
Sloan
-
Theo v. Werkhoven