FTP user and apache user permissions under LINUX

Originally did not study the Linux system, due to the needs of the forum space, the purchase of foreign VPS, installed LINUX system. When I got the background account, I was completely fainted. What is blank, no system, no HTTP server, it is a naked “Network Hard Drive”. Fortunately, there is Baidu Uncle, so that I can "water fishing in the moon", a turn, do not check do not know, the original foreign VPS use information is also very poor. . . I finally learned SSH, and it took a lot of trouble to finally install the kloxo panel. This is finally good, there is HTTP, and FTP is also available. . . After passing the information, I found that the problem of the permission is very serious. "Username", "User Group", and what else "owner", use the chown command to change "owner", almost fainted. . Finally, let the forum run, and it didn't take long for the problem to come again. I don't know what's going on, the FTP file can't be displayed, and it can't be displayed in the kloxo panel. Sometimes it can't be logged in. . . Baidu Uncle also did not find any available information, it is estimated that I encountered this problem! Regarding the issue of FTP permissions, I have thought about it for a long time. It is estimated that there is a problem with the permissions of the FTP user and the owner of the directory. The FTP user management function in the kloxo panel is too simple, and it is useless to change it. I have to check the relevant commands. Huang Tian pays off, finally let me find the command mode management FTP user: sudo useradd -g apache -d /dev/null -s /bin/false ftpadmin first create a ftpadmin user, belonging to the apache user group results The following content appears: Creating mailbox file: File exists useradd: warning: the home directory already exists. Not copying any file from skel directory into it. It is estimated that the same file has been created before, regardless of it, then the following code: Sudo pure-pw useradd admin -u ftpadmin -d /home/admin/XXX.com This is to create an FTP user admin in the pure-ftpd program and bind it to the system user ftpadmin just created. The home directory of this FTP user is After /home/admin/XXX.com executes each command, pure-pw will ask for the password for the account. The FTP account is generated after entering the password twice in succession. Then, each time you modify the user settings, you must update the virtual user database. You do not need to restart the service. Run the following command: sudo pure-pw mkdb Finally, change the owner of the website root directory to ftpadmin, otherwise the FTP file cannot be uploaded. . Chown -R ftpadmin /home/admin/XXX.com ------------

When we use the PHP program, after installing it, if you want to delete the entire directory, You will find that apache users have generated some files, ftp users can not delete.

In fact, this is a solution.

Method 1. User group control method First add virtual users (ftp users) in all virtual host hosts to the apache group. Then set umask to 002. Users and groups have read and write execution rights. . This is an easy way. But it is not safe. Different users can delete the other party's files, because they are the same group, the group has read and write execution permissions.

Method 2. Use linux advanced permissions management acl.

Set a double permission for a directory, in addition to the user's own user group, add apache to him to read and write permissions. This user can delete the files generated by apache. But for others' groups, don't The virtual user can't delete it.

Let's take a look at the second control method

Inside the Linux system, it is not only for the owner, the same group of users and other users. These three types of people assign a file (directory) permissions, you can also specify other users or groups, but there is a premise, mount the partition with the acl option, such as: mount /dev/hda1 /home -o acl .

Then you can use the setfacl -mu:ftp:rwx /home/ftp/www command to assign all permissions to the /home/ftp/www directory to the ftp user

if you want /home /ftp/www/The newly created directories and files have the same permissions. setfacl -d -mu:ftp:rwx /home/ftp/www

Set the default permissions. This command can also implement multiple users. Different permissions control, such as setfacl -mu:ftp:rwx /home/www; setfacl -mu:tmp:rx /home/www; ftp users have all permissions, tmp users have read-only permissions.

You can also set the value of the mask: setfacl -mm::rwx /home/www;

This way, you can create a virtual host user and apache user with permission. Files and directories, such as apache user username is apache, virtual host username is vmuser, directory is /home/vmuser/www, you can use the following command: setfacl -mu:vmuser:rwx /home/vmuser/www ; setfacl -mu:apache:rwx /home/vmuser/www; setfacl -d -mu:vmuser:rwx /home/vmuser/www; setfacl -d -mu:apache:rwx /home/vmuser/www; setfacl -mm ::rwx /home/vmuser/www; setfacl -d -mm::rwx /home/vmuser/www;

This way, when installing the PHP program, you will not be prompted that the apache user does not have permission. When writing a file, and you want to delete a directory, it will not be deleted because there are files generated by the apache user below. Of course, this method is a bit limited. Basically only the ext2 and ext3 partition formats can be used. Others, such as xfs, jfs, etc., cannot be used directly.