FTP Uploading for Web Sites

[ToddJob]

I’m currently moving our web servers from Webstar to OSXS 10.4. I host a number of sites. Each has individual logins using FTP. However the permissions always get messed up when ever I load these using FTP. (rwx – {ftp username} r- staff r- everyone). Apache is unable to access these files correctly. The work around I have for this is using WebDAV so the correct “www” permissions are applied but I do have some sites that require FTP. Any ideas?

[afterhours]

How, exactly, are you creating your FTP accounts?

For instance, Apple’s OSXS GUI admin model is to use the WGM settings for each account as FTP access. If you are managing your FTP access in any other means, then return to the GUI for any reason, there’s a good chance your settings will be buggered up.

Let’s run through a setup strictly using the GUI (SA and WGM). Presumably, you would add a new user, and create a ‘home’ for that user. (You’re trying to imitate your Webstar experience, so you likely also set a quota for the account.):

+ New User, gave user/account a name, perhaps created an additional short name to match their existing account on your webstar machine so you don’t confuse them too much. Entered in a strong password (or their prior password) and selected the ‘access account’ checkbox.
Selected the Home tab, highlighted the location of where the new home directory will reside, and clicked on the ‘Create Home Now’ button. Then set a Disk Quota and clicked on Save.

At that point, from the Apple-way of doing things, you’ve just created your ftp account for this new user. Of course, because a home was created, a lot of extraneous folders were also generated that have nothing to do with web serving (and can be eliminated).

Now (again, doing this the ‘Apple GUI’ way), you would likely want to set up the ftp server and the http server to actually serve this account. I want to guess you’ve already figured this ou:

FTP server is pretty brain-dead… just turn it on, set up your authentication, messages, loggins and directory limitations.

Permissions are correct for the ‘Sites’ subfolder that is generated by the above process. Note that the other detris created will have different permissions that an FTP client will NOT be able to defeat.

Not that you asked, but the rest of the simplistic model of site management in a nutshell:

HTTP is the ‘web’ service pane. Go to Settings:Sites, set up your new site (domain), edit its ‘Web Folder location (the home you just created above – select the new Home directory — perhaps in your ‘users’ folder — and select a subdirectory the ftp client can edit fullly such as the default ‘Sites’ folder the WGM creates), check all of your other parameters, save, exit the edit mode, and be sure the ‘enabled’ checkbox is checked (save again). Note that your GUI will not be able to see subsequent Home directories created by the WGM if you try to generate more than one during an edit session as the SA GUI doesn’t update its directory list in realtime. It can only see the first newly-created Home directory after it has been launched. Subsequent Homes exist, but its visible list doesn’t update unless you close the server connection, then re-authenticate the SA back in.

Now that I’ve completely missed the question, can you restate what precisely you’re doing in your management?

[ToddJob]

Here’s process I use for exampleco.com

1) create a folder called exampleco.com in /Library/WebServer/Documents
2) set up the domain http Server Admin. ie http://www.exampleco.com
3) set up an account in WGM ‘exampleco’
4) set up ftp share point @ /Library/WebServer/Documents/exampleco.com

This is when the problem occurs. http service requires r/w permission to a folder in order to publish web pages. When you upload files via ftp the defaults 755 permissions with the users named ‘exampleco’ this is when the issues happen. http service needs to have user be ‘root’ or ‘www’ or group to be ‘www’ or ‘admin’.

Does this clarify what is happening?

[ToddJob]

Here’s process I use for exampleco.com

1) create a folder called exampleco.com in /Library/WebServer/Documents
2) set up the domain http Server Admin. ie http://www.exampleco.com
3) set up an account in WGM ‘exampleco’
4) set up ftp share point @ /Library/WebServer/Documents/exampleco.com

This is when the problem occurs. http service requires r/w permission to a folder in order to publish web pages. When you upload files via ftp the defaults 755 permissions with the users named ‘exampleco’ this is when the issues happen. http service needs to have user be ‘root’ or ‘www’ or group to be ‘www’ or ‘admin’.

Does this clarify what is happening?

[afterhours]

[QUOTE][u]Quote by: ToddJob[/u][p]Here’s process I use for exampleco.com

1) create a folder called exampleco.com in /Library/WebServer/Documents
2) set up the domain http Server Admin. ie http://www.exampleco.com
3) set up an account in WGM ‘exampleco’
4) set up ftp share point @ /Library/WebServer/Documents/exampleco.com

This is when the problem occurs. http service requires r/w permission to a folder in order to publish web pages. When you upload files via ftp the defaults 755 permissions with the users named ‘exampleco’ this is when the issues happen. http service needs to have user be ‘root’ or ‘www’ or group to be ‘www’ or ‘admin’.

Does this clarify what is happening?[/p][/QUOTE]

Yes, it helps — but you don’t tell us exactly how you create the folder or the share point. We all know the cliche ‘the Devil’s in the Details’ – translation: if you don’t tell us precisely what you are doing at each step, you and we make assumptions that can waste a ton of time. Be explicit on each step, or we just dance around each other.

Sounds like you are creating the folder from the console (you are directly controlling the server, logged in as root or admin) — hence the permissions assigned to whatever you create via command-shift-n.

Reread my post — and understand how Apple’s GUI is functioning. It creates a new user first, then a ‘home’ or series of directories FOR THAT USER when the WGM is used. Upon that creation, the rwx assignments for those folders are given to that new user. Hence the rest of the steps used via their GUI tools (SA as well as WGM) follow the permissions relative to that user’s account. For clarity:

With the WGM, the User account is generated first, then the Create Home Now button creates the subdirectories with the appropriate permissiions to that users’ home folders assigned.

Your method seems to suggest that you are creating a folder that would be owned by the root or admin account by which you log in (either via console, TB2, ARD or however you are getting to the server’s Finder). Bad form, that. And that is the source of your headache. If you are wedded to your method, then I suggest you either add in a step 3b.) where you reassign the permissions for the folder that you create in your Step 1 to the user you create in Step 3 — or you could simply start by creating a new user account as step 0 (System preferences:Accounts), then trudge along with my step 3b.

or you avoid going into the console altogether and adjust your management to start with WGM, followed by the SA as I outlined in my previous post. I’m not mocking you for being pointy/clicky. I’m describing how Apple designed the expected use of the server package, and it was not with the intent that one manually goes in to generate directories under one account, then reassign permissions to match another account. Does that make more sense?

Webstar’s interface (supposedly) took care of permissions assignments, or who knows — maybe it 777’d every bloody folder on the machine. I abandoned all hope after 4D dropped the ball and Kerio bought it to poach the user list for sales calls. Pity that, but we move on.

Once upon a time, I had sketched together a manuscript for Internet serving on a Mac — including management of OSXS. Not exactly a complete work, but it contains some useful info. I can dredge up a PDF copy if you want it.

[Author]

Posts