How do I make a folder owner writable, and world readable

server permissions apache2 ftp

I have just successfully setup a local user with FTP access with his own home folder and chrooted to that folder, but he's asking if there's a way for that folder (/home/username) can be owner writable and world readable for apache? This is so that others in the same building can download files using standard http protocols but only the owner can upload via FTP.

EG A local user sends a zip file to his home location (/home/user), and someone in the building opens that location using http://domain sees that file and clicks it to download it, but the owner can replace the file at anytime for things like, updates, etc etc.

I have set apache directives to allow all access, and to follow symlinks, and create directory listing, but when the url is entered into a browser all that happens is 'You do not have permission to access this location', I have tried just about everything possible, I even tried adding the user to the www-data group that apache uses, basically what's needed is a user uploads via FTP, and anyone can view the listing and download from that location.

I think it's possible, but if not, then how do web developers update their websites using FTP to upload and yet everyone can still see the site?


but he's asking if there's a way for that folder (/home/username) can be owner writable and world readable for apache?

Please do not mess with home's permissions. If you want to go that route use a dedicated partition and change the permissions there. That is a lot more secure. I have had Windows users removing hidden files like .profile and .bash* because they did not put them there themself

do web developers update their websites using FTP to upload and yet everyone can still see the site?

Generally I would advice to not do this. More secure method:

  1. let developers upload files to a home directory (each developer with his own home so you can track the changes).
  2. have a job (cron/systemd/directory watcher) check for new files.
  3. as an extra feature: make a backup of the website files you want to update using the developers username as part of the backup.
  4. have that job copy or move files over from developer home to webserver changing user, group and permissions to the website settings.
  • Are you sure it is www-data? Nowadays it should be apache/apache.
  • This way you can always restore the previous state without all developers have to make backups (they can for their own purpose).

If you still want them to directly update files.

  • create a user you all can use to log into the server.
  • set apache user and group to the same user
  • let them upload files using that user.

... and always use private keys :)

Related

Chromium crashes when opening multiple YouTube tabs?
Security Delete files [duplicate]
Swap some keyboard keys
Ubuntu 20.04 Installer Doesn't Recognize Disk Partitions
Ubuntu 20.04LTS is taking automatically screen shots
Can I forward content from one Azure Log Analytics Workspace to another?
Reverse proxy SSH using NGINX. (Subdomains to Docker containers running SSH)
How can I turn off Visual Studio 2013 Preview? [duplicate]
How can I change the current URL?
How to clear File Input
What is the right way to add data to an existing named volume in Docker?
How to view the Folder and Files in GAC?