Ftp – Permissions prevent file upload in vsftpd


I want to set up vsftpd to allow a user (foouser) to upload and create directories to /var/www/ with the intention of allowing entire websites to be uploaded.

Current Permissions:

  1. Apache runs as www-data.
  2. document root is: /var/www/
  3. Permissions are www-data:www-data for /var/www (recursively.)

Steps already taken:

Created user: foouser

 useradd foouser

Added foo user to www-data group.

 usermod -a -G www-data foouser

Set /var/www/ as foouser's homedir:

 usermod -d /var/www/ foouser

Here's my vsftpd.conf file:

 root@c9e0266eb8c8:/var# cat /etc/vsftpd.conf | grep -v ^#
 listen=YES
 local_enable=YES
 write_enable=YES
 local_umask=022
 dirmessage_enable=YES
 use_localtime=YES
 xferlog_enable=YES
 connect_from_port_20=YES
 chown_uploads=YES
 chown_username=www-data
 xferlog_file=/var/log/vsftpd.log
 xferlog_std_format=YES

But, I still cannot upload the file:

 Command:   USER foouser
 Response:  331 Please specify the password.
 Command:   PASS ******
 Response:  230 Login successful.
 Status:    Server does not support non-ASCII characters.
 Status:    Connected
 Status:    Starting upload of /home/michael/settings.json
 Command:   CWD /var/www
 Response:  250 Directory successfully changed.
 Command:   TYPE I
 Response:  200 Switching to Binary mode.
 Command:   PASV
 Response:  227 Entering Passive Mode (172,17,0,2,174,22).
 Command:   STOR settings.json
 Response:  553 Could not create file.
 Error: Critical file transfer error

NOW… if I change the directory permissions from www-data to foouser:foouser, I can upload just fine, but that (of course) breaks Apache.

What am I doing wrong?

Edit: Allowing anonymous file upload to /var/www/ would also be fine. This is a Docker container, so an insecure practice like that is fine since this will be used for development, not production.

Best Answer

I think you need to add passive mode configurations to your `/etc/vsftpd.conf` file since your connection is entering into passive mode. Below are the configs.

 # Additional configuration
 pasv_enable=YES
 pasv_min_port=1024
 pasv_max_port=1048
 # Public IP of your server (vsftpd does not accept a comment after a value)
 pasv_address=xx.xx.xx.xx
 local_root=/var/www

You can set pasv_min_port and pasv_max_port as per your need, but make sure you allow them through your firewall.
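
A permission check for the situation in the question, as an added example that is not part of the original post or of either author's code: it decides from a directory's owner, group and octal mode whether a given user can create files there, which is what STOR needs. The function names are hypothetical, the 755 mode in the comments is a constructed value (the post does not state the mode of /var/www), and `check_dir` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: can USER create files in a directory, judged from the
# directory's owner, group and octal mode? Creating a file needs write (2)
# and search (1) on the directory. Root's permission bypass is not modelled.

# perm_class OWNER GROUP USER "USER_GROUPS" -> prints owner, group or other.
# Only the first matching class is consulted, as in the kernel's check.
perm_class() {
    if [ "$3" = "$1" ]; then echo owner; return; fi
    for g in $4; do
        if [ "$g" = "$2" ]; then echo group; return; fi
    done
    echo other
}

# can_create OWNER GROUP MODE USER "USER_GROUPS" -> exit status 0 if allowed.
can_create() {
    class=$(perm_class "$1" "$2" "$4" "$5")
    # Keep the last three octal digits (drops setuid/setgid/sticky), zero-padded.
    last3=$(printf '000%s' "$3" | tail -c 3)
    case $class in
        owner) digit=$(printf '%s' "$last3" | cut -c1) ;;
        group) digit=$(printf '%s' "$last3" | cut -c2) ;;
        other) digit=$(printf '%s' "$last3" | cut -c3) ;;
    esac
    case $digit in
        3|7) return 0 ;;   # both w and x present
        *)   return 1 ;;
    esac
}

# check_dir DIR USER: same decision for a real directory (assumes GNU stat).
check_dir() {
    set -- "$1" "$2" $(stat -c '%U %G %a' "$1")
    can_create "$3" "$4" "$5" "$2" "$(id -nG "$2")"
}

# Constructed case matching the question: /var/www owned www-data:www-data,
# foouser in group www-data. Mode 755 is an assumed value, not from the post.
#   can_create www-data www-data 755 foouser "foouser www-data"   (denied)
#   can_create www-data www-data 775 foouser "foouser www-data"   (allowed)

if [ "$#" -eq 2 ]; then
    if check_dir "$1" "$2"; then echo "$2 can create files in $1"
    else echo "$2 cannot create files in $1"; fi
fi
```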
