I'm trying to set up a user in CentOS that can read/write/delete/etc. files in the /var/www/html directory. With some help here I got the user able to log on and view files, but now they cannot upload/delete etc.
I created a user 'ftpuser' with a UID/GID of 500, a valid shell /bin/sh and a home directory of /var/www/
I changed the owner of /var/www/html to ftpuser.ftpuser [& tried 0777ing it as well]
That user should be able to read/write/del files in the /var/www/html/ directory.
Here is the proftpd config:
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
DefaultServer on
VRootEngine on
#DefaultRoot ~ !adm
DefaultRoot /var/www/
VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
#PersistentPasswd off
UseReverseDNS off
User nobody
Group nobody
MaxInstances 20
UseSendfile off
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
<Global>
  Umask 022
  AllowOverwrite yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>
<Directory /var/www>
  AllowOverwrite yes
  <Limit ALL>
    AllowAll
  </Limit>
</Directory>
<Limit LOGIN>
  AllowUser ftpuser
  DenyALL
</Limit>
I don't know why this won't work. Does anyone see what I am doing wrong?
Best Answer
It sounds like SELinux got in your way here. If you do not want SELinux preventing ftp from writing files anywhere on the system you need to turn on the allow_ftpd_full_access boolean. First of all, check if it's currently enabled or disabled by running:
If it tells you that it's off, enable it with this command (it can take a minute or so to be applied throughout your system, so be patient):
Additionally, because you set the homedir of your user to /var/www, you will also need to set the ftp_home_dir setting to On.
When you set the homedir, the user_home_t security context was probably also set on /var/www. Set it to something more public like httpd_sys_content_t or public_content_rw_t. You can use chcon for this.
Restart your FTP server after applying these settings and you should be good to go.
See this documentation if you'd like some further in-depth information.
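The checks described in the answer above, as an added example that is not part of the original answer: it reads the two booleans and the docroot label and prints only the commands still needed, without changing anything. The function names are hypothetical, the sample input is constructed, and it assumes the CentOS boolean names from the answer plus the usual `getsebool` and `ls -Zd` output formats.

```shell
#!/bin/sh
# Added example (not from the answer): print the SELinux changes still needed.
# Assumed formats: getsebool prints "NAME --> on|off"; `ls -Zd PATH` prints a
# context "user:role:type:level" as one whitespace-separated field.

# State (on/off) of boolean $1 in getsebool-style text $2; empty if absent.
bool_state() {
    printf '%s\n' "$2" | awk -v b="$1" '$1 == b && $2 == "-->" { print $3; exit }'
}

# SELinux type (third colon-separated part) of the context in an ls -Zd line.
context_type() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if (split($i, p, ":") >= 3) { print p[3]; exit } }'
}

# $1 = getsebool text, $2 = ls -Zd line, $3 = docroot. Prints one command per
# missing setting, nothing when the booleans are on and the label is usable.
plan_fixes() {
    for b in allow_ftpd_full_access ftp_home_dir; do
        [ "$(bool_state "$b" "$1")" = on ] || echo "setsebool -P $b on"
    done
    case "$(context_type "$2")" in
        httpd_sys_content_t|public_content_rw_t) ;;   # labels the answer names
        *) echo "chcon -R -t public_content_rw_t $3" ;;
    esac
}

# Constructed sample input matching the situation described in the question.
SAMPLE_BOOLS='allow_ftpd_full_access --> off
ftp_home_dir --> off'
SAMPLE_LS='drwxr-xr-x. ftpuser ftpuser unconfined_u:object_r:user_home_t:s0 /var/www/html'

if command -v getsebool >/dev/null 2>&1; then
    bools=$(getsebool -a 2>/dev/null || true)        # live system
    lsz=$(ls -Zd /var/www/html 2>/dev/null || true)
else
    bools=$SAMPLE_BOOLS; lsz=$SAMPLE_LS              # offline: use the sample
fi
plan_fixes "$bools" "$lsz" /var/www/html
```

The output is only a plan: run the printed commands as root, then restart the FTP server as the answer says.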