Can't see files in FTP nor access them from web

[devboy]

Hi,

I set up nginx on a VM somewhere and everything is working fine. Then I tried to build some directory structure under the nginx root HTML folder. I received 403 forbidden for a file so normally I assumed permissions. Using root I gave entire dir structure chmod -R a+r /usr/share/ngnix/html/myfolder. Still 403.
Then I SFTP'd into this box using a didcated web FTP account. I am not that experienced to be able to tell how is this user set nor which permissions it has, but by default it can view all directories in the system. When navigating to the HTML root I could see myfolder but when going inside I was seeing nothing. No subfolder, no files. needless to say ls -al from bash on any of these is giving me rwxr--r-- for all files and directories.

if I copy some arbitrary file from within the myfolder dir to html root and give it a+r it IS accessible from web and SFTP. If this were only a 403 I would assume something I am not configuring properly on nginx, but since SFTP is showing same behavior I am led to believe it is something in the directories themselves!? What else is there besides file permissions??

Thanks,
DB

[scathefire]

is the system using selinux?

[devboy]

Hi Scathfire,

I actually have no idea what it means or does, but I think not:


[root@vps52808 /]# rpm -qa | grep selinux
libselinux-1.33.4-5.5.el5
libselinux-utils-1.33.4-5.5.el5
libselinux-1.33.4-5.5.el5
libselinux-python-1.33.4-5.5.el5
[root@vps52808 /]# /usr/sbin/getenforce
Disabled
[root@vps52808 /]#

[sarmed]

Try running the command to check which mode SELinux is in.

getenforce

You could also try the command system-config-securitylevel (for RHEL..dunno whether it works on other distributions..)

[crazpiyush]

Change the context of ftp dir

Code:

chcon -R -t public_content_rw_t /usr/share/ngnix/html/myfolder

change boolen of ftp share so that anyone can write into it

Code:

setsebool -P allow_ftpd_anon_write=1

and then check

Code:

[root@station4 ~]# getsebool -a | grep -i ftp
allow_ftpd_anon_write --> on
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
allow_tftp_anon_write --> off
ftp_home_dir --> off
ftpd_connect_db --> off
ftpd_disable_trans --> off
ftpd_is_daemon --> on
httpd_enable_ftp_server --> off
tftpd_disable_trans --> off

try with these options.......

[devboy]

Guys, thanks for the responses, but don't the lines above:

Code:

[root@vps52808 /]# /usr/sbin/getenforce
Disabled

mean that SELinux is disabled?
crazypush, chcon and setsebool are selinux commands, but if it's disabled what's the point?

Cheers,
DB

[devboy]

crazypush, went ahead and tried you suggestions anyway... chcon gave me:

chcon: can't apply partial context to unlabeled file /usr/share/nginx/html/myfolder

[crazpiyush]

sorry, i didn't see that ur selinux was disabled.........

[devboy]

Hi,

Resolved this. As expected this was a result of my ignorance. FTP user and web server users were different. FTP user needed execute on the directories to list them (which it didn't have). Fixed it all by adding FTP user to web server group, changing ownership for entire hierarchy to web server group and giving +x to directories and +r to all files.