how to use webftp

[rseffner]

Hi,

 

I running latest stable froxlor using fcgid and nss so the virtualhost froxlor.domain.tld executes php as virtual user "user1". So webftp ist running also as "user1" and "ftpuser2" connectedt with customer/domain domain2.tld is not able to see any of his files. I would not like to change the group of all the user files to the group of my virtual webftp php user because I'm sure the customers will forgett this to do by themselves.

 

Any ideas?

 

regards Ronny

[EleRas]

Hi,

 

The user running WebFTP doesn't matter at all, since it really connects only to the running FTP - server, which automatically uses the correct permissions of the connected user.

 

So long,

Florian

[Fraiser]

Hi,

if you use TLS/SSL encryption, like me, you must add the statement

 

NoSessionReuseRequired

 

to the proftpd.conf or tls.conf (depends on where you put your entrys to).

It will look like this.

 

TLSOptions                      NoCertRequest NoSessionReuseRequired

 

Restart proftpd and the it should worke. It did for me (after seeking for 2 hours )

 

regards

 

Fraiser

[rseffner]

Hi Florian,

 

The user running WebFTP doesn't matter at all, since it really connects only to the running FTP

 

But why I have permission problems then?

 

There is customer1 running froxlor in froxlor.domain.tld, all files (also) webftp.php were owned by user customer1 group customer1.

Now customer2 logs in WebFTP using one of his ftp accounts and is not able to see any of his files, owned by user and group customer2 with rights 0644.

 

If this user creates a new file using WebFTP's function this file also gerts customer2.customer2 with 0644 - as expected. But this user is unable to see this file in WebFTP's file list.

If I change owner to customer1.customer2 0644 this user is able to see his files but not to edit. It's also able to own files by root to make them visible.

 

What's the problem?

 

 

regards, Ronny

[rseffner]

Hi Frasier,

 

NoSessionReuseRequired

 

this did not solve my Problem but I also think the reason is not in proFTPd. FROXLOR and also webftp.php is running under user 'xyz' in php-fcgid and so its not able to see any files owned by another user when logged in as e.g. user 'zzz'. Logged in as user 'zzz' its possible to create a file, checking permissions using shell shows owner.group 'zzz' rights 0644 but in webftp.php I am not able to see this file as user 'zzz'. I believe its a problem of webftp.php + php-fcgid (running FROXLOR "suEXECd").

 

regards

 

Ronny

[EleRas]

Hi,

this did not solve my Problem but I also think the reason is not in proFTPd. FROXLOR and also webftp.php is running under user 'xyz' in php-fcgid and so its not able to see any files owned by another user when logged in as e.g. user 'zzz'. Logged in as user 'zzz' its possible to create a file, checking permissions using shell shows owner.group 'zzz' rights 0644 but in webftp.php I am not able to see this file as user 'zzz'. I believe its a problem of webftp.php + php-fcgid (running FROXLOR "suEXECd").

 

Since webftp.php does _never_ directly write files in customer directories, this is simply impossible. Our webftp is only able to connect to a FTP - server (default: localhost). The permissions of the webftp.php - script are irrelevent.

 

So long,

EleRas

[rseffner]

Hi EleRas,

 

I understand. webftp.php connects to the FTP-server instead of doing filesystem listings itself. But why it is only possible to list files owned by the user running php?

 

I added a user to a customer, then I logged in using this new user at webftp.php.

 

proftpd logs of this:

Sep 20 13:50:17 ns1.its-seffner.de proftpd[10430] 78.46.92.37 (127.0.0.1[127.0.0.1]): FTP session opened.
Sep 20 13:50:17 ns1.its-seffner.de proftpd[10430] 78.46.92.37 (127.0.0.1[127.0.0.1]): Preparing to chroot to directory '/var/www/webs/jan2011'
Sep 20 13:50:17 ns1.its-seffner.de proftpd[10430] 78.46.92.37 (127.0.0.1[127.0.0.1]): USER its@tyXXXXXXXXX.com: Login successful.
Sep 20 13:50:17 ns1.its-seffner.de proftpd[10430] 78.46.92.37 (127.0.0.1[127.0.0.1]): FTP session closed.

 

I was able to login and created a new file "file2.txt" using webftp.php. Creation was successfull but I can't se the result using webftp.

 

direcory listing:

ns1:/var/www/webs/jan2011# ls -la
total 28K
drwxr-xr-x  5 jan2011 jan2011 4,0K 2011-09-20 13:51 .
drwxr-xr-x  9 root    root    4,0K 2011-06-23 15:40 ..
drwxr-xr-x  4 jan2011 jan2011 4,0K 2011-07-06 10:19 awstats
-rw-r--r--  1 jan2011 jan2011    7 2011-09-20 13:51 file2.txt
-rw-r--r--  1 jan2011 jan2011    6 2011-09-18 12:40 file.txt
drwxr-xr-x 11 jan2011 jan2011 4,0K 2011-07-07 21:02 tyXXXXXXXXX.com
drwxr-xr-x 14 jan2011 jan2011 4,0K 2011-07-19 10:27 tyXXXXXXXXX.de

 

I also checked libnss user mapping:

ns1:/var/www/webs/jan2011# id its@tyXXXXXXXXX.com
uid=10002(jan2011) gid=10002(jan2011) groups=10002(jan2011)

 

All seems ok. Cheking using filezilla as same user results in listing the whole chroot as 'ls' shows. What is wrong with my webftp.php installation?

 

And - of course - if I change file owner to the user used for interpreting webftp.php using suexec, I see the changed file in webftp. Thats why I believed in an php-fcgid reason.

 

 

regards

 

Ronny