Solved

vsFTP configuration and the htm directory

Posted on 2004-10-27
627 Views
Last Modified: 2013-12-16
I need to give a group of users permission to write to the /var/www/html/ directory of a Redhat Core 2 installation.  I have an active apache 2.xx server running, with this as the primary directory.

Did I mention I need to do this all through an ssh connection?

Step by step would be an excellent help.
0
Question by:preserver3
    7 Comments
     
    LVL 6

    Expert Comment

    by:blkline
    Before you can get explicit instructions you need to add a few more details.  The most important details is how are the users going to do the updates?  Are they local to the machine?  Are they Linux/Unix users?  Are they Windows users?     Will they be doing this through a Windows share?  FTP?  SFTP?

    Answer these and we can give you a better answer.
    0
     
    LVL 1

    Author Comment

    by:preserver3
    I was going to update this question a bit today, I hope this is enough info.

    My users are a mix of Mac, Windows, and Linux users

    my current /etc/vsftpd/vsftpd.conf file looks like this
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    pam_service_name=vsftpd
    userlist_enable=YES
    listen=YES
    tcp_wrappers=YES
    local_root=/var/www/html
    file_open_mode=0777
    cmds_allowed=ABOR,CWD,DELE,LIST,MDTM,MKD,NLST,PASS,PASV,PORT,PWD,QUIT,RETR,RMD,RNFR,RNTO,SITE,SIZE,STOR


    It seems to work on one of my machines, and not the other.

    I have 6 user accounts, I've created in the ordinary way(ie normal linux users).  I would like to group each and give each a different configuration of commands.  One of the user accounts, I'd like to give only read access.

    Any suggestions?
    0
     
    LVL 1

    Author Comment

    by:preserver3
    As another note... I need to know what I need to add to my configuration to allow at least one user to use dreamweaver to connect to the site directly.

    0
     
    LVL 6

    Accepted Solution

    by:
    If I were doing this I'd do it like this:

    1)   groupadd htmlauthors
    2)   for each of your users:
                usermod -g htmlauthors myuser
    3)   chgrp htmlauthors /var/www/html
    4)   chmod g+rwx /var/www/html

    The only con to this method is that if the group permissions will get funky if those users actually sign on to that server to do their own work.  Then you need to worry about group permissions on the other things that they create.  If you are only allowing them on to work with this directory then you should be good to go.  You man need to change the umask parameter in your vsftp.conf file so that each file is created r/w within the group -- test it and see.

    Another alternative with vsftp (I think, I don't use it) is to have the users assume another identity after authenticating.  You could take advantage of that to allow access to the directory, after giving the appropriate permissions to the directory.
    0
     
    LVL 1

    Author Comment

    by:preserver3
    I tried your example, but my users can't create files or directories in the html directory... is there something wrong with my configuration file?  Thanks for your help so far.


    0
     
    LVL 1

    Author Comment

    by:preserver3
    false alarm...  It just didn't give them access to the directories further down the tree.

    Thanks!
    0
     
    LVL 1

    Author Comment

    by:preserver3
    I've got a problem....  

    Files created under the group users are being assigned to the individual users and not to apache.  Additionally, I'm guessing because I changed my umask to 077 and not 0775 that that's why I can't delete files I've uploaded in previous sessions.

    Any other insights you can provide?

    Oh, and for the benefit of the PAQ, add SYST to the end of the cmds_allowed=... line... It's suprising how many errors you'll get from ftp clients without that entry.

    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
    I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
    Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
    Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

    856 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now