Related

Centos 8 minimal installation with apache moodle suddenly restarts Question Question
Server won't boot Question Question

Question

Apache cannot read uploaded files by ftp users (Centos 8)

Posted March 21, 2021 95 views
ApacheCentOS 8

Hi, if I upload files with “ftp1” user (the ftp user) apache cannot read/write these files.

For example if I upload the file “info.php” to website directory /var/www/website and then I go to browser and type “http://server_ip/info.php! I get "Access denied.”.

I noticed that the files uploaded by ftp users have this permission: -rw------- 1 ftp1 ftp1 26 Mar 21 10:04 info.php , when the apache files have -rw-rwxr--+ 1 apache apache 405 Feb 6 2020 index.php .

About the FTP config, I set /var/www/website as ftp user home, and then I run these commands:

usermod -a -G ftp1 apache
setfacl -R -m u:ftp1:rwx /var/www/website

Thank you in advance.

Add a comment
Xenon032
By:
Xenon032

Related

Centos 8 minimal installation with apache moodle suddenly restarts Question Question
Server won't boot Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
alexdo March 23, 2021
Initial Server Setup with CentOS 8
by Brian Boucheron
When you first create a new CentOS 8 server, there are a few configuration steps that you should take early on as part of the basic setup. This will increase the security and usability of your server and will give you a solid foundation for subsequent actions. This guide will cover setting up a non-root user with sudo, and setting up a basic firewall.
Reply Report
KFSys March 22, 2021

Hi @Xenon032,

You’ve almost got it. You are correct it’s because of Apache not being able to access files from ftp1. 

-rw-------   1 ftp1   ftp1      26 Mar 21 10:04 info.php

Adding the Apache under the ftp1 would work as well however in that case you’ll need to make sure your files that you upload should have permissions for groups to read/execute. They should look like

-rw-r--r--

This can be made by executing:

chmod 644 info.php

Regards,
KFSys

Reply Report
  • Xenon032 March 22, 2021

    Hi, I have analyzed the permissions and I configure the whole thing like that:

    1) I set up /var/www/webserver as ftp user home.

    2) Then I run these commands for granting the ftp user to have access to apache files:

    usermod -a -G ftpuser apache
setfacl -R -m u:ftpuser:rwx /var/www/website

    3) Next I set that the files created inside the /var/www/webserver directory will inherit the apache group:

    find /var/www/website -type d -print0 | xargs -0 chmod g+s

    4) I set these parameters inside the vsftpd configuration:

    file_open_mode=0777
local_umask=022

    0777-022=755 , so all the uploaded files with ftp will have the 755 permission.

    The result

    Now I am able to upload/delete files inside /var/www/webserver with ftp user and apache can read this files successfully.
    Now the permission of the web server are like that:

    /var/www 755 root:root

    /var/www/website 755 apache:apache

    Directories inside /website 770 apache:apache

    Files inside /website 664 apache:apache

    Files uploaded by ftp 755

    My question is: is it secure to use these permissions on a webserver? Thank you.

    Reply Report
    • KFSys March 24, 2021

      Hi @Xenon032,

      The permissions you gave me as an example are correct and are secure enough.

      Usually, because how permissions work, folders tend to have 755 and files 644. You’ve followed that rule so everything should be fine!

      Regards,
      KFSys

      Reply Report
      • Xenon032 March 24, 2021

        And about the folders inside /website that have 770?

        Reply Report
        • KFSys March 26, 2021

          The permissions 770 are quite permissive, that true.

          Basically, what those permissions mean, is the following:

          The user owning this file has - 7 - read, write,execute.
          The group owning this file has - 7 - read, write, execute
          Everyone else has - 0 - no permissions.

          It’s still okay but in case any other user is assigned to the same group, they will have all permissions as well.

          Reply Report

Related

Looking for something else?

Ask a new question Search for more help