2

I'm trying to add FTP access to the Apache web files, in the past I have done this with an ftpuser and group arrangement. This time I would like to make it possible to login directly as www-data (the default Apache user on Debian) to make things a bit cleaner.

I have checked and re-checked all the common issues;

  • MinUID is set to 1 (www-data has uid 33)
  • www-data has shell set to /bin/bash in /etc/passwd
  • PAMAuthentication is off
  • UnixAuthentication is on
  • I have restarted pure-ftpd using /etc/init.d/pure-ftpd restart

My resulting pure-ftpd run is;

/usr/sbin/pure-ftpd -l unix -A -Y 1 -u 1 -E -O clf:/var/log/pure-ftpd/transfer.log -8 UTF-8 -B

My syslog contains;

Oct 7 19:46:40 Debian-60-squeeze-64 pure-ftpd: (?@xxx.xxx.xxx.xxx) [WARNING] Can't login as [www-data]: account disabled

And my ftp client is giving me;

530 Sorry, but I can't trust you

Am I missing something obvious?

masegaloeh
  • 17,978
  • 9
  • 56
  • 104
lynks
  • 151
  • 1
  • 6
  • You answered your own question, which is good. But another suggestion I have—to achieve your larger goal—is to create a common `www-group` that would be accessible by Apache & others. The trick is to adjust `/etc/apache2/envvars` so Apache creates files that are group writable by adding `umask 002` to the bottom of that file and then changing `export APACHE_RUN_GROUP=www-readwrite` to be `export APACHE_RUN_GROUP=www-group`. Then you can assign other users to that `www-group` and even make `www-group` a user’s default group. – Giacomo1968 May 03 '14 at 03:31

1 Answers1

1

On Debian squeeze, if you have installed pure-ftpd from the repos, the init.d script appears to be bugged:

/etc/init.d/pure-ftpd restart

Results in syslog containing;

pure-ftpd: (?@?) [ERROR] Unable to start a standalone server: [Address already in use]

And a peek with netstat -ltpn clearly shows that pure-ftpd continues to run, that is to say restart does not attempt to stop the server, it merely attempts to run a new instance, and fails.

The solution is to kill the pre-ftpd process. And then start it again with init.d (or manually as with the example run code in the OP.

Giacomo1968
  • 3,522
  • 25
  • 38
lynks
  • 151
  • 1
  • 6
  • I discovered this solution while I was halfway through posting the question. It might seem a little off as an answer, but it was my issue nevertheless, and I thought someone in the future might just benefit (I have been googling for hours). – lynks Oct 07 '12 at 18:01