Solved Pure-ftpd cannot edit files

Hi,

I sometimes have the need to allow third-party access to our www files.
So in order to do that I have done the following:
1. Lock each domain in separate jail
2. Create jails, I use sysutils/iocage
3. Install FTP server in separate jail (jail name is ftp.mydomain.com), for FTP server I use ftp/pure-ftpd
4. Create new user for FTP server and define directory where the user can save/store files
Code:
INSERT INTO users (User, status, Password, Uid, Gid, Dir, ULBandwidth, DLBandwidth, comment, ipaccess, QuotaSize, QuotaFiles) VALUES ('webadmin', '1', ENCRYPT('topsecret','ramdom'), '2001', '2001', '/home/www.mydomain.co.uk', '100', '100', '', '*', '50', '0');
In my example I define the user's directory under the /home folder on the ftp.mydomain.com server
5. Put the mount point of the www directory of each domain into the file /etc/fstab.ftp_mydomain

I can log in to the FTP server and see all my files, but I cannot edit any of them.
Code:
[ERROR] Can't open that file: Permission denied
and this is where I am stuck.

So I tried to create another user with www privilege
Code:
INSERT INTO users (User, status, Password, Uid, Gid, Dir, ULBandwidth, DLBandwidth, comment, ipaccess, QuotaSize, QuotaFiles) VALUES ('ftptest', '1', ENCRYPT('topsecret','ramdom'), '80', '80', '/home/www.mydomain.co.uk', '100', '100', '', '*', '50', '0');
When I try to connect with ftptest, I am constantly prompted for the password and cannot log in.
The log file from the FTP server gives me
Code:
Can't login as [ftptest]: account disabled

On the webserver, the file permissions for httpdocs are:
root@webserver:~ # ll /usr/local/www/production/
Code:
total 2496
drwxr-xr-x  7 www  wheel      18 Mar 23 20:38 httpdocs/
drwxr-xr-x  2 www  wheel       4 Mar 23 21:53 logs/
drwxr-xr-x  2 www  wheel       2 Mar 23 20:18 ssl/
drwxr-xr-x  2 www  wheel       2 Mar 23 20:18 tmp/
root@webserver:~ # ll /usr/local/www/production/httpdocs/
Code:
total 344
-rw-r--r--  1 www  wheel   960 Feb 21 11:24 404.shtml
-rw-r--r--  1 www  wheel  2928 Feb 22 11:28 about.shtml
-rw-r--r--  1 www  wheel  3289 Feb 23 17:08 contact.shtml
drwxr-xr-x  2 www  wheel    14 Mar 23 20:38 css/
-rw-r--r--  1 www  wheel  1219 Feb 23 22:09 email.php
drwxr-xr-x  2 www  wheel     7 Mar 23 20:38 font/
drwxr-xr-x  3 www  wheel    11 Mar 23 20:38 images/
drwxr-xr-x  2 www  wheel     5 Mar 23 20:38 includes/
-rw-r--r--  1 www  wheel  5885 Mar 17 22:12 index.shtml
drwxr-xr-x  3 www  wheel     9 Mar 23 20:38 js/
-rw-r--r--  1 www  wheel  5390 Feb 21 11:24 privacy.shtml
-rw-r--r--  1 www  wheel    78 Feb 21 12:04 robots.txt
-rw-r--r--  1 www  wheel  4537 Feb 22 11:29 services.shtml
-rw-r--r--  1 www  wheel   797 Mar 17 22:31 sitemap.xml
-rw-r--r--  1 www  wheel  3821 Feb 21 11:24 terms.shtml
-rw-r--r--  1 www  wheel  4626 Mar 18 10:11 testimonials.shtml

Could anyone please assist me?
Thank you
 
Code:
INSERT INTO users (User, status, Password, Uid, Gid, Dir, ULBandwidth, DLBandwidth, comment, ipaccess, QuotaSize, QuotaFiles) VALUES ('webadmin', '1', ENCRYPT('topsecret','ramdom'), '2001', '2001', '/home/www.mydomain.co.uk', '100', '100', '', '*', '50', '0');
In my example I define the user's directory under the /home folder on the ftp.mydomain.com server
5. Put the mount point of the www directory of each domain into the file /etc/fstab.ftp_mydomain

I can log in to the FTP server and see all my files, but I cannot edit any of them.
Code:
[ERROR] Can't open that file: Permission denied
and this is where I am stuck.

The user with uid:gid 2001:2001 has to be the owner of the folder/files in location /home/www.mydomain.co.uk.
 
Because your FTP service and your website are running on different jails there's no exchange of identification. Meaning users/permissions that exist on the FTP host have no influence on the web host. That's actually the whole point of putting services in a jail, separation of privileges.

You will either need to create the exact same user accounts and permissions on both hosts or use something like LDAP to force each host to use the same accounts.
 
You will either need to create the exact same user accounts and permissions on both hosts
SirDice, the www:www account should be the same on both jails, isn't it?
They come built with FreeBSD /etc/passwd.
How would you create the exact same user account manually?
Is LDAP difficult to implement/understand?
 
SirDice, the www:www account should be the same on both jails, isn't it?
They come built with FreeBSD /etc/passwd.
Yes, you're correct.

How would you create the exact same user account manually?
pw(8) is probably the easiest. You need to make sure the UID/GID of each individual user is the same for each host.

Is LDAP difficult to implement/understand?
It's easy to install but can be quite tricky to implement correctly. It's not that difficult to understand though, once you get past the initial shock.
 
Hi SirDice, vejnovic, so if the www account has the same UID/GID, why do I get the message
Code:
Can't login as [ftptest]: account disabled
when I created the account with
Code:
INSERT INTO users (User, status, Password, Uid, Gid, Dir, ULBandwidth, DLBandwidth, comment, ipaccess, QuotaSize, QuotaFiles) VALUES ('ftptest', '1', ENCRYPT('topsecret','ramdom'), '80', '80', '/home/www.mydomain.co.uk', '100', '100', '', '*', '50', '0');
Do I need to run chown -r www /home/www.mydomain.co.uk in addition for the user ftptest to be able to connect?
 
I'm not sure how the FTP account interacts with FreeBSD. It's possible it checks the UID, which is for the www account. And that account is not allowed to log in.
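The checks raised in the replies above (matching UID/GID across jails, and a possible UID check at login), as an added example that is not from any poster in this thread: it compares uid:gid pairs between two jails' passwd files, applies the owner/group/other write test to the `www wheel` mode-644 files from the listing, and tests a uid against a minimum login uid. Assumptions: wheel is gid 0, the threshold of 100 is the MinUID value from pure-ftpd's sample configuration, and the thread does not confirm that MinUID produced the "account disabled" line.

```shell
#!/bin/sh
# Added example; the passwd lines and uid/gid values used with it are constructed.

# List accounts in passwd file $1 whose uid:gid differs from, or is absent in, $2.
passwd_mismatch() {
    awk -F: '
        NF < 4 { next }                                  # skip comments and blanks
        NR == FNR { ids[$1] = $3 ":" $4; next }          # first file: remember uid:gid
        { seen[$1] = 1 }
        ($1 in ids) && ids[$1] != ($3 ":" $4) { print $1, ids[$1], "!=", $3 ":" $4 }
        END { for (u in ids) if (!(u in seen)) print u, ids[u], "missing" }
    ' "$1" "$2"
}

# Return 0 if uid $1 / gid $2 may write a file owned by uid $3 / gid $4, octal mode $5.
# Classic owner/group/other test only: ignores root, supplementary groups and ACLs.
may_write() {
    mode=$((0$5))                                        # leading 0 = octal
    if   [ "$1" -eq "$3" ]; then bit=$((mode & 0200))    # owner class
    elif [ "$2" -eq "$4" ]; then bit=$((mode & 0020))    # group class
    else                         bit=$((mode & 0002))    # everyone else
    fi
    [ "$bit" -ne 0 ]
}

# Return 0 if uid $1 is below the minimum login uid $2 (pure-ftpd MinUID, or -u).
below_minuid() { [ "$1" -lt "$2" ]; }

# Demo with the thread's numbers: files are www:wheel (80:0) with mode 644,
# and the assumed MinUID is 100.
for id in 2001:2001 80:80; do
    uid=${id%:*}; gid=${id#*:}
    if may_write "$uid" "$gid" 80 0 644; then w=yes; else w=no; fi
    if below_minuid "$uid" 100; then l="refused (uid < MinUID)"; else l=allowed; fi
    echo "uid:gid $id  write=$w  login=$l"
done
```

To compare two jails, call `passwd_mismatch` with the path to each jail's `etc/passwd` as seen from the host.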
 