ProFTPD problem with permissions during upload files to public_html

SamotniQ

Hello,

I have installed ProFTPD version 1.3.5 on my server. When I upload files to /home/$user/domains/$domain_name/public_html/, the UID and GID are set to $user:$user. This permission should properly be set to: $user:apache ... How can I solve this problem?

Below is my proftpd.conf file:


ServerName "server"
ServerType standalone

Port 21
PassivePorts 35000 35999
UseReverseDNS off
TimesGMT off
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600

ScoreboardFile /var/run/proftpd/proftpd.pid

TransferLog /var/log/proftpd/xferlog.legacy
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

#DON'T modify this log format. Its used by DirectAdmin to determine user usage
LogFormat userlog "%u %b %m %a"
ExtendedLog /var/log/proftpd/62.141.41.19.bytes WRITE,READ userlog

AuthUserFile /etc/proftpd.passwd
DefaultServer on
AuthOrder mod_auth_file.c

#AuthPAM off

#SQ
<IfModule mod_cap.c>
CapabilitiesEngine on
CapabilitiesSet +CAP_CHOWN
</IfModule>
#SQ

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd.tls.log
TLSProtocol SSLv23
#TLSProtocol TLSv1
TLSVerifyClient off
TLSRequired off

#Certificates
TLSRSACertificateFile /etc/exim.cert
TLSRSACertificateKeyFile /etc/exim.key
#TLSCACertificateFile /etc/ftpd/root.cert.pem

TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
</IfModule>
<Global>
PassivePorts 35000 35999
DeferWelcome on

RequireValidShell no


DefaultRoot ~
DirFakeUser on ftp
DirFakeGroup on ftp

User ftp
Group ftp
#UserAlias anonymous ftp

AllowStoreRestart on
AllowRetrieveRestart on

ListOptions -a
ShowSymlinks on
<IfModule mod_facts.c>
##Enable this with proftpd 1.3.4b+ to fix FileZilla MLSD
##http://www.proftpd.org/docs/modules/mod_facts.html#FactsOptions
# FactsOptions UseSlink
</IfModule>

Umask 022
DisplayLogin welcome.msg
DisplayChdir readme
AllowOverwrite yes
IdentLookups off
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
ExtendedLog /var/log/proftpd/auth.log AUTH auth

#
# Paranoia logging level....
#
#ExtendedLog /var/log/proftpd/paranoid.log ALL default

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd.tls.log
TLSRSACertificateFile /etc/exim.cert
TLSRSACertificateKeyFile /etc/exim.key
</IfModule>
</Global>


Include /etc/proftpd.vhosts.conf
 
Why should they be set to user:apache? That makes no sense at all; files are correctly set to user:user because that's the way they should be set.

Regards
 
SeLLeRoNe, thanks for your reply. Apache 2.x is running as the apache user:

apache 12668 0.0 0.5 157048 22068 ? S 17:30 0:00 /usr/sbin/httpd -k start -DSSL

When my clients upload files using the FTP (proftpd) server directly to: /home/$user/domains/$domain/public_html, for example any CMS that includes a web creator (e.g. Joomla, WordPress), the default rights are:

# file: index.php
# owner: $user
# group: $user
user::rw-
group::r--
other::r--

All scripts that configure the CMS using the included creator run with "apache" user rights, so Apache can't create and write any configuration to files (e.g. MySQL settings: hosts, user, password, etc.).

So the best way for me is to set the owner to $user and the group to apache for all files uploaded to: /home/$user/domains/$domain/public_html and set the permissions to:
# file: index.php
# owner: $user
# group: apache
user::rw-
group::rw-
other::r--

Of course I can correct these settings manually using chown commands, but this is not a good solution for a large number of customers.
 
That's definitely the bad way to go.

You had better use mod_ruid2 or php_fcgi (I use mod_ruid2) to be able to have user:user and let WP and other software write config files as well, without needing to change the ownership of files and/or their permissions.

Regards
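
An added example, not part of the thread: with Apache running every site as the shared apache user, the $user:apache, rw-rw-r-- layout proposed above makes each uploaded file writable by any site's scripts. The shell function below lists entries under a document root that are in that state; the name audit_webroot and the output labels are made up for this illustration, and the default group name apache is taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. audit_webroot and its output labels are
# hypothetical names chosen for this illustration.
#
# Usage: audit_webroot ROOT [WEB_GROUP]
#   ROOT       a site's document root, e.g. the public_html path from the thread
#   WEB_GROUP  group name or numeric GID the web server runs with (default: apache)
# Prints one line per finding: "<LABEL> <path>"
audit_webroot() {
    root=$1
    web_group=${2:-apache}

    if [ ! -d "$root" ]; then
        echo "audit_webroot: not a directory: $root" >&2
        return 2
    fi

    # Entries whose group is the web-server group and that carry the group
    # write bit (-perm -020): any script running as that group can alter them.
    find "$root" \( -type f -o -type d \) -group "$web_group" -perm -020 -print |
        sed 's/^/GROUP-WRITABLE /'

    # Entries writable by everyone (-perm -002), regardless of owner or group.
    find "$root" \( -type f -o -type d \) -perm -002 -print |
        sed 's/^/WORLD-WRITABLE /'
}
```

With user:user ownership and the Umask 022 from the posted proftpd.conf, the function prints nothing for freshly uploaded files.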
 