This document may help you understanding how permissions should be applied for your files/folders in order to Wordpress work without a hassle.
In my personal experience, giving 755 permissions to the WordPress folder does the trick, but certain folders will require to have 777 no matters what WordPress says, several plugins and/or updates (even to the WP core) won't work if those folders doesn't feature 777 permissions.
Quoted from the document that I mention in the top of this answer:
- All files should be owned by the actual user's account, not the user
account used for the httpd process.
- Group ownership is irrelevant, unless there's specific group
requirements for the web-server process permissions checking. This
is not usually the case.
- All directories should be 755 or 750.
- All files should be 644 or 640. Exception: wp-config.php should be
600 to prevent other users on the server from reading it.
- No directories should ever be given 777, even upload directories.
Since the php process is running as the owner of the files, it gets
the owners permissions and can write to even a 755 directory.
This answer: General Rules for dealing with File Permissions will be helpful for a better comprehension on the permissions in a Ubuntu based system. Which -in case to be a local server- won't need to be accessed through a FTP Client in order to perform the task, but using a terminal.
If you need further information about this, feel free to drop a comment. My WP Blog can be reached via http://geppettvs.x10.mx/blog and I faced this issue lots of times in the past for remote and local servers.
Glossary for my answer:
- Local Server should be considered a computer that I can plug with a keyboard or mouse in order to interact directly with its OS.
- Remote Server is a computer that is not physically in front of me and I can't plug a keyboard or mouse to it in order to work with
the computer's OS.
With a bit of playing around I've managed to come up with a semi solution (not perfect but good enough)
using 2707974 answer and information I've gained else where I've been able to get what I need.
First you need vsftp and PAM installed
apt-get install vsftpd libpam-pwdfile
Edit /etc/vsftpd.conf
nano /etc/vsftpd.conf
then paste in the following
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
local_root=/var/www
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES
#virutal user settings
user_config_dir=/etc/vsftpd_user_conf
guest_enable=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
nopriv_user=vsftpd
guest_username=vsftpd
Edit to your exact needs the most important bit for virtual users is everything after the virtual user settings comment
Creating User
You can either use a database or htpasswd
I found htpasswd
faster and easier to use.
make a directory to store your users
mkdir /etc/vsftpd
htpasswd -cd /etc/vsftpd/ftpd.passwd user1
adding additional users just omit the -c
htpasswd -d /etc/vsftpd/ftpd.passwd user2
I've only managed to get it to work using CRYPT which limits to 8 chars
to use more than 8 chars use openssl to generate a compatible hash and pipe directly into htpasswd
htpasswd -c -p -b /etc/vsftpd/ftpd.passwd user1 $(openssl passwd -1 -noverify password)
Once your users are created you can now change your PAM config file
nano /etc/pam.d/vsftpd
and remove everything inside this file and replace with the following
auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so
This will enable login for your virtual users defined in /etc/vsftpd/ftpd.passwd
and will disable local users
Next we need to add a user for these virtual users to use. These users will not have access to the shell and will be called vsftpd
useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd
the user must match guest_username=vsftpd
in the vsftpd conf file
Defining Directory Access
The important line here is the following
user_config_dir=/etc/vsftpd_user_conf
this means that when user1
logs in it will look for the following file
/etc/vsftpd_user_conf/user1
this file the same as the vsftpd.conf
so you can define a new local_root
going back to the question we want user1
to only have access to var/www/website_name1/sub_folder1
, so we need to create the vsftpd_user_conf
folder:
mkdir /etc/vsftpd_user_conf
Now create the user file:
nano /etc/vsftpd_user_conf/user1
and enter the following line
local_root=/var/www/website_name1/sub_folder1
Now restart vsftp
service vsftpd restart
you should now be able to login as user1 who will only be able to see
var/www/website_name1/sub_folder1
and any folder and file inside it.
That's it you can now add as many users as you want and limit their access to whatever folder you wish.
important to remember if you do not create a user conf file it will default to the var/www folder as root (in the example above)
If the subfolder is intended to be modifiable by the user, it might be necesary to change the owner of the shared subfolder:
chown vsftpd:nogroup /var/www/website_name1/sub_folder1
Best Answer
(Not sure why a question from 2014 pops up again on the homepage, but anyway :D )
It's probably not a good idea to mess with the overall permissions of the rest of the file system, like it has been suggested in the other answer. A better way would be to use a feature called "chroot".
"chroot", short for "change root", just does that: It changes the root of the directory tree the (FTP) user can acccess to what the admin wants it to be. Sometimes the same feature is referred to as "jailing" the user in their home directory.
Most FTP servers support chroot (with the exception of some very small, bare-bone ones). I'm not really familiar with vsftpd, but according to this how-to on Cybercity you need to set the config directive
chroot_local_user
to1
.