Get alerted when assets are down, slow, or vulnerable to SSL attacks—all free for a month. Learn more

Question

Apache cannot read uploaded files by ftp users (Centos 8)

Hi, if I upload files with “ftp1” user (the ftp user) apache cannot read/write these files.

For example if I upload the file “info.php” to website directory /var/www/website and then I go to browser and type "http://server_ip/info.php! I get “Access denied.”.

I noticed that the files uploaded by ftp users have this permission: -rw------- 1 ftp1 ftp1 26 Mar 21 10:04 info.php , when the apache files have -rw-rwxr--+ 1 apache apache 405 Feb 6 2020 index.php .

About the FTP config, I set /var/www/website as ftp user home, and then I run these commands:

usermod -a -G ftp1 apache
setfacl -R -m u:ftp1:rwx /var/www/website

Thank you in advance.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

alexdoMarch 23, 2021
Accepted Answer

Hello there @Xenon032

These permissions are totally fine on a webserver. You can also check our initial server tutorial for CentOS 8 and the next tutorial on how to secure your server

https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-8#step-4-—-setting-up-a-basic-firewall

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-8

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-8

Hope that this helps! Regards, Alex

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

KFSysMarch 22, 2021

Hi @Xenon032,

You’ve almost got it. You are correct it’s because of Apache not being able to access files from ftp1.

-rw-------   1 ftp1   ftp1      26 Mar 21 10:04 info.php

Adding the Apache under the ftp1 would work as well however in that case you’ll need to make sure your files that you upload should have permissions for groups to read/execute. They should look like

-rw-r--r--

This can be made by executing:

chmod 644 info.php

Regards, KFSys

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up