I installed Proftpd Administrator GUI to make it easier to manage my FTP users. The problem I have is that I have to set the directory permissions to 777 to allow the virtual users saved in the mysql database to edit and save the files. If I change it to 775, the user gets Permission Denied.
This is my proftpd.conf file
Include /etc/proftpd/modules.conf
ServerName "ServerName"
ServerType standalone
ServerIdent on "Servers identifying string"
DeferWelcome on
DefaultServer on
DisplayLogin .welcome # Textfile to display on login
DisplayConnect .connect # Textfile to display on connec$
#DisplayFirstChdir .firstchdir # Textfile to display on first $
UseReverseDNS off
IdentLookups off
Port 21
Umask 022
MaxInstances 15
MaxClientsPerHost 3 "Only %m connections per host a$
MaxClients 10 "Only %m total simultanious log$
MaxHostsPerUser 1
User proftpd
Group www-data
ScoreboardFile /var/log/scoreboard
# Some logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
# Define log-files to use
TransferLog /var/log/proftpd.xferlog
ExtendedLog /var/log/proftpd.access_log WRITE,READ write
ExtendedLog /var/log/proftpd.auth_log AUTH auth
ExtendedLog /var/log/proftpd.paranoid_log ALL default
SQLLogFile /var/log/proftpd.mysql
# Set up authentication via SQL
# ===========
AuthOrder mod_sql.c
SQLAuthTypes Backend
SQLConnectInfo proftpd_admin username password
SQLUserInfo usertable userid passwd uid gid homedir shell
SQLGroupInfo grouptable groupname gid members
SQLUserWhereClause "disabled=0 and (NOW()<=expiration or expiratio$
# Log the user logging in
SQLLog PASS counter
SQLNamedQuery counter UPDATE "lastlogin=now(), count=count+1 WHERE userid='%u'"$
# logout log
SQLLog EXIT time_logout
SQLNamedQuery time_logout UPDATE "lastlogout=now() WHERE userid='%u'" usertable
# display last login time when PASS command is given
SQLNamedQuery login_time SELECT "lastlogin from usertable where userid='%u'"
SQLShowInfo PASS "230" "Last login was: %{login_time}"
# xfer Log in mysql
SQLLog RETR,STOR transfer1
SQLNamedQuery transfer1 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now($
SQLLOG ERR_RETR,ERR_STOR transfer2
SQLNamedQuery transfer2 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now($
AllowStoreRestart on
AllowRetrieveRestart on
RequireValidShell off
#PathDenyFilter "\\.ftp)|\\.ht)[a-z]+$"
DefaultRoot ~
DenyFilter \*.*/
<Directory /path/to/dir>
AllowOverwrite on
HideNoAccess off
<Limit READ>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Directory>
<Directory /path/to/dir>
AllowOverwrite on
HideNoAccess on
<Limit READ>
AllowAll
</Limit>
<Limit STOR MKD>
AllowAll
</Limit>
</Directory>
I put the proftpd user that is running proftpd service in www-data (the group that is set to that directory). I changed the virtual users GID to match the www-data GID from the system (which is 33). When I create a new file with a virtual user, that file GID is set to 65533 and permissions with 644. This GID doesn't exist in my systems /etc/group file.
How can I keep the folder and files permissions to 755 and let the user edit and save those files?
Best Answer
I suspect that mod_sql might be filtering the UID/GID values that you have assigned to your users in your SQL database. By default, mod_sql (for historical reasons) imposes a minimum value for the numeric IDs; any values below this minimum are mapped to a default value. See:
http://www.proftpd.org/docs/contrib/mod_sql.html#SQLMinID
and that value of 65533 comes from the defaults, e.g.:
http://www.proftpd.org/docs/contrib/mod_sql.html#SQLDefaultUID
So given this, you might try adding:
to your proftpd.conf.