I've successfully installed & configured vsftp. I've created a user (joe) & companion group (joes).

My user 'joe' can create, update, & delete files in its 'home' directory without error WHEN logged in via ssh. Joe's home directory has been set to /var/www/site via usermod -d. Joe can CRUD any files in /tmp, /home/joe, & /var/www/site when logged into the OS via ssh. After checking this I set joe's shell to 'noshell' via usermod -s.

joe's local directory permissions: drwxrwxr-x. 2 joe joe 27 Jun 8 10:05 site

Joe can successfully log in to vsftpd using FileZilla. But Joe cannot drop files into its home directory using FileZilla. Joe can get files from the FTP-hosted directory.

Here is the current procedure I'm creating to accomplish this task.

# yum install vsftpd
# service vsftpd stop
# vi /etc/vsftpd/vsftpd.userlist

add: joe

# vi /etc/vsftpd/vsftpd.conf

add/edit:

anonymous_enable=NO
local_enable=YES
write_enable=YES
connect_from_port_20=NO
chroot_local_user=YES
local_umask=022
userlist_file=/etc/vsftpd/vsftpd.userlist
userlist_enable=YES
userlist_deny=NO

then

# useradd -d /var/www/site -s /usr/sbin/nologin joe
# passwd joe
# chown -R joe /var/www/site
# chmod 775 /var/www/site
# vi /etc/shells

if necessary, add: /usr/sbin/nologin

# addgroup joes
# usermod -G joes joe
# service vsftpd start

Starting vsftpd is successful and without errors.

What does it take to configure vsftp to allow joe to load files from a remote?

  • I don’t understand. You have an ordinary, local user account (let’s say it is joe), and, when Joe logs in as joe via ssh, he has full read / write / delete permission in /home/joe.  But when Joe logs in to the FTP server (vsftp) — is he even in /home/joe, or is he in /var/www/site?  Can he access /tmp?  Can he create files there?  Please do not respond in comments; edit your question to make it clearer and more complete. Commented Jun 11, 2018 at 15:44
  • @G-Man As requested Commented Jun 11, 2018 at 16:47
  • Thanks for the update; sorry for my delay in responding.  Is joe in the root group?  If yes, that’s probably worth mentioning.  If not, then it doesn’t make sense that he can create or delete files in /var/www/site, because the ftpuser user and the members of the root group are the only people who should have write access to that directory.  … … … … … … … … … … … … … … … Oh, wait!  I just noticed that the site mode has an eleventh character, which is dot (.).  Does it have an ACL or some other security attributes?  Is SELinux enabled? Commented Jun 14, 2018 at 5:14
  • joe is in the group joe. I only swapped 'joe' in place of every mention of 'ftpuser' in the OP at your request. Did I miss one? Corrected. Yes, the 'ftpuser' & 'root' would be found as confusing. Commented Jun 14, 2018 at 12:30

1 Answer

These two things make this work: local_umask=777 and useradd joe -d /var/www/site. No permutation of chown and/or chown appears to affect any positive outcome.
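
An added example, not part of the original question or answer: the vsftpd.conf man page notes that umask values without a leading 0 are read as base 10, so the question's local_umask=022 and the answer's local_umask=777 are parsed differently. The sketch below computes the resulting upload modes, assuming the documented defaults (file_open_mode=0666, local_umask=077) and a 0777 request mode for new directories; the function names and sample configs are constructed for illustration.

```python
import stat

DIR_CREATE_MODE = 0o777  # assumption: mode requested for new directories

# Constructed sample configs: the question's value and the answer's value.
QUESTION_CONF = "write_enable=YES\nlocal_umask=022\n"
ANSWER_CONF = "write_enable=YES\nlocal_umask=777\n"


def parse_conf(text):
    """Parse vsftpd.conf text (key=value lines, '#' comments) into a dict."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def vsftpd_uint(value):
    """A leading '0' means octal; anything else is read as base 10."""
    return int(value, 8) if value.startswith("0") else int(value, 10)


def effective_modes(conf_text):
    """Return (umask, file_mode, dir_mode) for uploads by local users."""
    settings = parse_conf(conf_text)
    raw = settings.get("local_umask", "077")   # documented default
    mask = vsftpd_uint(raw) & 0o777            # umask(2) keeps only permission bits
    open_mode = vsftpd_uint(settings.get("file_open_mode", "0666"))
    return mask, open_mode & ~mask, DIR_CREATE_MODE & ~mask


def describe(conf_text):
    """One-line summary, flagging uploads that end up world-writable."""
    mask, fmode, dmode = effective_modes(conf_text)
    warn = " WORLD-WRITABLE" if fmode & stat.S_IWOTH else ""
    return "umask %04o -> files %s, dirs %s%s" % (
        mask, stat.filemode(stat.S_IFREG | fmode),
        stat.filemode(stat.S_IFDIR | dmode), warn)


if __name__ == "__main__":
    print("question:", describe(QUESTION_CONF))
    print("answer:  ", describe(ANSWER_CONF))
```

Running `ls -l` on a freshly uploaded test file shows whether the mode the server actually applied matches the computed one.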
