
This is a follow-up to my previous rather dumb question about adding an FTP user for one of my clients... original question here.

I'm running a Linux2 instance on AWS. I have a number of sites running on the server, some of which are WordPress.

One of my clients wants FTP access to their site.

In my previous question it was suggested I use Groups to solve this. I followed a tutorial elsewhere for creating a user, a group and setting permissions. I did the following:

useradd thisSiteFTP
passwd thisSiteFTP
groupadd thisSiteUsers
usermod -a -G thisSiteUsers thisSiteFTP
chown -R :thisSiteUsers /var/www/thisSiteHomeDir
chmod -R g+w /var/www/thisSiteHomeDir
chmod -R o-x /var/www/thisSiteHomeDir
chgrp -R thisSiteUsers /var/www/thisSiteHomeDir

So, I created a user and a group, and assigned the user to the group. I then gave ownership of the home directory to this group.

Unfortunately, at this point, when I tried to FTP using thisSiteUsers credentials I got 'Connection refused by server'. Also, the website no longer displays; I get a 'you don't have permission' error.

I changed the owner of the directory back to 'apache' and the site came back online.

I'm sure I'm missing something obvious and easy. Any suggestions as to what I'm doing wrong?

Dog
  • Have you advised the client against using ftp to access their site? ftp sends passwords in the clear, which is an open invitation to having their site cracked. That said, your problem is that you set the permissions so restrictive that the apache user couldn't read the site content, particularly chmod -R o-x /var/www/thisSiteHomeDir – Jim L. Jul 11 '19 at 15:17
  • Thanks for your comment... 2 questions... what would be your recommendation if not to use FTP (the client wants a developer to make some custom edits to a script)?... and what would be the correct permissions if the ones I gave were too limiting? Bear in mind when I gave the permissions I wrote in the question, neither FTP nor the site itself worked... thanks! – Dog Jul 11 '19 at 18:22
  • Presumably good web developers use a secure encrypted protocol like sftp or such. You wouldn't log in to your bank's web site without https would you? As for perms, try this: open one shell as root and cd /var/www/thisSiteHomeDir. You'll use that shell to change perms. Open another shell and sudo su -l apache and cd /var/www/thisSiteHomeDir. I bet you'll find lots of things that apache can't access. Use the root shell to change the perms. Mostly I suspect you'll need world-read (but not world-write!) on files, and world-execute on directories (but probably not on files). – Jim L. Jul 11 '19 at 18:54
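
The permission rule from the last comment (world-read on files, world-execute on directories, no world-write) can be checked across the whole tree in one pass. This is an added example, not part of the original thread; the function name `audit_webroot` is hypothetical, and it assumes the web server user is neither the owner nor in the group of the files, so only the "other" bits apply to it.

```shell
#!/bin/sh
# Added example: report entries under a web root whose "other" permission
# bits differ from the rule "world-read on files, world-execute on
# directories, never world-write".
# Assumption: the web server user (e.g. apache) is neither owner nor group
# member of these files, so only the "other" bits decide its access.
audit_webroot() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    # Directories without o+x cannot be traversed by the web server.
    find "$root" -type d ! -perm -001 -exec printf 'no-traverse: %s\n' {} +
    # Regular files without o+r cannot be served.
    find "$root" -type f ! -perm -004 -exec printf 'no-read: %s\n' {} +
    # Anything with o+w can be modified by any local account.
    find "$root" \( -type f -o -type d \) -perm -002 \
        -exec printf 'world-writable: %s\n' {} +
}

# Run stand-alone as: sh audit_webroot.sh /var/www/thisSiteHomeDir
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

Run it as root so that `find` can descend into directories the invoking user could not otherwise enter.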

0 Answers