Shulou(Shulou.com)06/01 Report--

How to solve the problem of FTP user and apache user rights under LINUX, many novices are not very clear about this. In order to help you solve this problem, the following editor will explain it in detail. People with this need can come and learn. I hope you can get something.

The original LINUX system has not been studied at all, due to the need of forum space, the purchase of foreign VPS, installed LINUX system. Just got the background account completely dizzy, everything is blank, no system, no HTTP server, is a completely naked "network hard drive". Fortunately, there is Uncle Baidu, so that I can "catch the moon in the water", do not check do not know, the original use of these foreign VPS information is also pitiful. Finally learned SSH, and after a lot of trouble, finally installed the kloxo panel. This is finally good, there is HTTP, FTP also has. After passing the information, I found that the problem of permissions was very serious. "user name", "user group" and what "owner" had to change the "owner" with the chown command, which almost got confused. Finally got the forum up and running, and before long, the problem came again. Do not know why, FTP files can not be displayed, modified in the kloxo panel, life and death can not be displayed, sometimes can not log in. Baidu uncle there did not find any available information, it is estimated that I am the only one to encounter this kind of problem! With regard to the issue of FTP permissions, I have thought about it carefully for a long time. It is estimated that there is a problem with the permissions of FTP users and the owner rights of the directory. The FTP user management function in the kloxo panel is too simple, and no matter how to change it, I have to check the relevant commands. Huang Tian lived up to his heart, and finally let me find a command way to manage FTP users: sudo useradd-g apache-d / dev/null-s / bin/false ftpadmin first create a ftpadmin user, belonging to the apache user group, the result appears as follows: Creating mailbox file: File exists

Useradd: warning: the home directory already exists.Not copying any file from skel directory into it.

It is estimated that the same file has been created before. Regardless of it, come to the following code: sudo pure-pw useradd admin-u ftpadmin-d / home/admin/XXX.com

This is to create a FTP user admin in the pure-ftpd program and bind to the system user ftpadmin you just created. The home directory of the FTP user is / home/admin/XXX.com. After executing each command, pure-pw will ask for the account password. After entering the password twice in a row, the FTP account is generated. Next, update the virtual user database every time you modify the user settings, without restarting the service, run the following command:

Sudo pure-pw mkdb

Finally, change the owner of the root directory of the site to ftpadmin, otherwise FTP will not be able to upload files. Chown-R ftpadmin / home/admin/XXX.com

-

When we use the PHP program, after the installation, if you want to delete the entire directory, you will find that apache users have generated some files, ftp users can not delete.

As a matter of fact, there is a solution.

Method 1. User group control method

First, all virtual users (ftp users) in the virtual host are added to the apache group. Then set umask to 002. In this way, both users and groups have read and write permissions. This is an easier method. But it's not safe. Different users can delete each other's files, because it is the same group, the group has read and write permission.

Method 2. Use the advanced permissions of linux to manage acl.

Set double permissions on a directory, in addition to the user's own user group, add apache to his read and write permissions.

This allows the user to delete the files generated by apache. But for other people's group, he can't delete other virtual users.

Let's take a look at the second control method.

In the linux system, you can not only assign a file (directory) permission to the owner, the same group users and other users. You can also specify other users or groups. However, add the acl option when mounting the partition, such as:

Mount / dev/hda1 / home-o acl.

Then you can use the

Setfacl-m u:ftp:rwx / home/ftp/www

Command to assign all permissions to the / home/ftp/www directory to the ftp user

If you want to create new directories and files under / home/ftp/www/, you have the same permissions.

Setfacl-d-m u:ftp:rwx / home/ftp/www

Set default permissions, and this command can also control different permissions for multiple users, such as

Setfacl-m u:ftp:rwx / home/www

Setfacl-m u:tmp:r-x / home/www

The ftp user has all permissions and the tmp user has read-only access.

You can also set the value of mask:

Setfacl-m m::rwx / home/www

In this way, you can allow both the user of the virtual host and the apache user to operate the files and directories. For example, the user name of the apache user is apache, the user name of the virtual host is vmuser, and the directory is / home/vmuser/www. You can use the following command:

Setfacl-mu: vmuser:rwx / home/vmuser/www

Setfacl-mu: apache:rwx / home/vmuser/www

Setfacl-d-mu: vmuser:rwx / home/vmuser/www

Setfacl-d-mu: apache:rwx / home/vmuser/www

Setfacl-m m::rwx / home/vmuser/www

Setfacl-d-m m::rwx / home/vmuser/www

In this way, when you install the PHP program, you will not be prompted that the apache user does not have permission to write files, and when you want to delete a directory, it will not be deleted because there are apache user-generated files below. Of course, this method is a little limited is that basically only ext2 and ext3 partition format can be used, other, such as xfs,jfs can not be used directly, can only be used after modification.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.