I've got a few problems with permission/owner group setup on my VPS.

It's running LAMP (Ubuntu 12.10, apache2, mysql 5.5, PHP 5.5.8).

I've setup vsftpd as a forum platform I'm running needs ftp access to install it's own updates/modifications, etc.

I'm confused about owners and groups. The ftp user is "ftpuser" for example, and it's user ID: 1001. When I upload files via an FTP client logged in with that username, the ID of the owner of the file I just uploaded is set to 1001 1001 (owner/group). When the forum platform which uses the same details uploads a file, it's set to 33 33, which is the ID of the www-data owner and group (apache).

I've tried adding my "ftpuser" account to the www-data group, but it doesn't help. The issue is that the forum cannot make changes, it's saying the directories are not writable, but they're set to 777.

Any advice is much appreciated.


  • 630
  • 1
  • 9
  • 22

2 Answers2


By adding ftpuser to the www-data group you are allowing ftpuser to modify files owned by the www-data group not the other way around. You could add www-data to the ftpuser group.

If you don't want to give the FTP users permission over your web app (which could be a nice idea) you could create a third group (e.g., upload-users) and put both users in that group. This group will then also own the upload directory.

You should also change the permissions of the directory: with 777 you are giving every possible permission to everybody. Reduce it at least to 775.

  • 457
  • 3
  • 14
  • Hi, Thanks Matteo. I'm confused about the difference between users and groups and how permissions are inherited from one to the other. I've been reading this, but the penny isn't dropping just yet: https://drupal.org/node/244924 I want ftpuser to be able to read and write files within /var/www/ Apache/PHP needs to be able to modify files too, so the forum platform can install it's own updates, so I assume www-data (which I assume is Apache) should be a part of www-data group. I'm totally clueless :( Any advice or reading resources from beginner level would be excellent. Thanks. – i-CONICA Feb 11 '14 at 16:15

You can read up on this stuff here. I guess every of the first 5 topics can help you on this, at least a bit.

Basically the permission for a file (folder) is split into 3 parts: user-part, group-part and the rest-part. Every part has 3 elements which define the permissions: r-read w-write and x-execute.

You can explicitly set permissions for the owner, the group and the rest (with chmod). Said this you can set the permissions from 777 or rwxrwxrwx down to 000 which shuts the file (folder) down for everyone (including the user/ownwer). And of course anything in between.

Read up about how to control access with the link provided on top. Hope that helps!

  • 1,155
  • 2
  • 9
  • 18
  • Hi, Chris. Thanks for the info. The LMGTFY was expected, but I've looked at lots of pages and few seem specific to my needs in running a lamp stack, they're all general info which while well worth reading, I'm in a bit of a hurry, I can study properly later. I'm getting lots of what I can/could do, but what I needed was what I should do. Thanks though, I'll do some further reading. – i-CONICA Feb 12 '14 at 10:52
  • 1
    Like Matteo said, try adding apache to the `ftpuser`-group, as your files are owned by the id 1001. Once done with that you need to ensure that your permission mask has the `rwx` set for the group. The center part (referencing my post). E.g. `chmod g+rwx `. Another thing is the 7 for the rest. In most cases this is not needed. There is a lot of false information out there. – Chris Feb 12 '14 at 11:53