Centos – Proftpd user cannot write/delete in home directory

centos ftp proftpd

I'm trying to set up a user in CentOS that can read/write/delete/etc files in the /var/www/html directory. With some help here I got the user able to log on and view files, but now they cannot upload/delete etc.

I created a user 'ftpuser' with a UID/GID of 500, a valid shell /bin/sh and a home directory of /var/www/

I changed the owner of /var/www/html to ftpuser.ftpuser [& tried 0777ing it as well]

That user should be able to read/write/del files in the /var/www/html/ directory.

Here is the proftpd config:

ServerName                      "ProFTPD server"
ServerIdent                     on "FTP Server ready."
ServerAdmin                     root@localhost
ServerType                      standalone
DefaultServer                   on
VRootEngine                     on
#DefaultRoot                    ~ !adm
DefaultRoot                     /var/www/
VRootAlias                      /etc/security/pam_env.conf etc/security/pam_env.conf
AuthPAMConfig                   proftpd
AuthOrder                       mod_auth_pam.c* mod_auth_unix.c
#PersistentPasswd               off
UseReverseDNS                   off
User                            nobody
Group                           nobody
MaxInstances                    20
UseSendfile                     off
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"

# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
<Global>
  Umask                         022
  AllowOverwrite                yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

<Directory /var/www>
        AllowOverwrite          yes
        <Limit ALL>
                AllowAll
        </Limit>
</Directory>

<Limit LOGIN>
AllowUser ftpuser
DenyALL
</Limit>

I don't know why this won't work. Does anyone see what I am doing wrong?

Best Answer

It sounds like SELinux got in your way here. If you do not want SELinux preventing ftp from writing files anywhere on the system you need to turn on the allow_ftpd_full_access boolean. First of all, check if it's currently enabled or disabled by running:

getsebool allow_ftpd_full_access

If it tells you that it's off, enable it with this command (it can take a minute or so to be applied throughout your system, so be patient):

setsebool -P allow_ftpd_full_access=1

Additionally, because you set the homedir of your user to /var/www, you will also need to set the ftp_home_dir setting to On.

setsebool -P ftp_home_dir=1

When you set the homedir, the user_home_t security context was probably also set on /var/www. Set it to something more public like httpd_sys_content_t or public_content_rw_t. You can use chcon for this.

chcon -R -t httpd_sys_content_t /var/www

Restart your FTP server after applying these settings and you should be good to go.

See this documentation if you'd like some further in-depth information.
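
A way to confirm that the failed uploads really are SELinux denials before changing any boolean, as an added example that is not part of the original answer: it summarises AVC denials from the `ftpd_t` domain and pairs each denied target type with the boolean the answer names. The function names, the type-to-boolean mapping and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials raised against the FTP daemon
# domain (ftpd_t). Function names and sample log lines are constructed.
# On a real host, run as root: ftpd_denials < /var/log/audit/audit.log

# Constructed audit.log excerpt: two ftpd_t write denials, one ftpd_t read
# denial on a user_home_t directory, and one unrelated httpd_t denial.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1300000000.101:201): avc:  denied  { write } for  pid=2101 comm="proftpd" name="html" dev=dm-0 ino=1311 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1300000002.330:202): avc:  denied  { write } for  pid=2101 comm="proftpd" name="html" dev=dm-0 ino=1311 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1300000005.410:203): avc:  denied  { read } for  pid=2101 comm="proftpd" name="www" dev=dm-0 ino=1300 scontext=system_u:system_r:ftpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1300000009.000:204): avc:  denied  { getattr } for  pid=3000 comm="httpd" path="/var/www/html/x" dev=dm-0 ino=1400 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# One line per distinct denial: "<count> <perms> <target_type> <class>".
ftpd_denials() {
    awk '
    /avc: +denied/ && /scontext=[^ ]*:ftpd_t:/ {
        perms = $0
        sub(/^.*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
        gsub(/ +/, ",", perms)          # several permissions become a,b,c
        ttype = ""; tclass = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        seen[perms " " ttype " " tclass]++
    }
    END { for (k in seen) print seen[k], k }' | sort
}

# Pair each denied target type with the boolean from the answer that covers it
# (assumed mapping: home-directory types -> ftp_home_dir; anything else ->
# allow_ftpd_full_access, or relabel the directory with chcon instead).
suggest_boolean() {
    ftpd_denials | while read -r count perms ttype tclass; do
        case "$ttype" in
            user_home_t|user_home_dir_t) echo "$ttype: ftp_home_dir" ;;
            *) echo "$ttype: allow_ftpd_full_access" ;;
        esac
    done | sort -u
}

sample_log | suggest_boolean
```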