I do not recommend having a set up like this due to the multiple security vulnerabilities that it presents. There are much better and more secure ways to develop and deploy to a server. If you can use WebDAV, scp, etc.
If you still wanted to do this, there are some configurations you need to make, in order to have that ftp user upload files and have them be saved with the proper ownership and permissions, so that the webserver can still serve them.
This how-to is for Debian or any Debian derivative like Ubuntu. The set up would be almost identical for any other Linux distro, but you might have to use a different package manager instead of aptitude to install vftpd and the root of the web server might have a different path instead of /var/www.
1. Install vsftpd if you have not yet done so:
sudo apt-get install vsftpd2. Edit /etc/vsftpd.conf. Here we will allow local users to ftp and set the default permissions (umask) for the files they upload. Make sure that the following is uncommended/added in the file:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=0002
anon_upload_enable=YES
anon_mkdir_write_enable=YES
file_open_mode=0777
For the mask to work properly (even without anonymous access) it seems necessary to set anon_upload_enable=YES and anon_mkdir_write_enable=YES. If these are not set, writing, reading and executing will not be allowed for groups or others on files uploaded via ftp (even though the standard privileges may be set for something else).
Here, file_open_mode sets the default setting of files. 777 makes it readable, writable and executable for anyone. With local_umask set to 002, this gives you 775, as you requested.
Notice that local_umask defaults to 077, disabling groups and others to access files in any way (hence it is set here).
3. Restart the vsftpd to pick up the changes:
sudo service vsftpd restart4. Create a local user that will be used for ftp (in our case we will call him ftpuser) and set the home directory to /var/www
sudo adduser ftpuser
sudo usermod -d /var/www -m ftpuser
5. Add the ftpuser to the www-data group
sudo usermod -a -G www-data ftpuser6. Set the correct permissions on /var/www
sudo chgrp -R www-data /var/www
sudo chmod -R g+w /var/www
7. Make the directory and all directories below it “set GID”, so that all new files and directories created under /var/www are owned by the www-data group
sudo find /var/www -type d -exec chmod 2775 {} \;8. Find all files in /var/www and add read and write permission for owner and group
sudo find /var/www -type f -exec chmod ug+rw {} \;
so that means that i will have to change permissions for each file that i will upload?
Is there a way to change definitely permissions for all the files i will upload in the future?
@Ethan
No, That is why you set the umask (see step 2). All files will be saved with the proper permissions. You don’t have to go in after that and change their permissions.
Worked for me on my Raspberry Pi2 running Raspbian Jessie.
Just wanted to thank you for this article. I’ve been using this method for a while now with my vsftp server and thought that I’d just give my thanks. Works perfectly.
The file_open_mode=0777 does not work (anymore) made me search half a day to identify this error.
Thank you for this is work very well for me. I add some line in /etc/vsftpd.conf
chroot_local_user=YES
allow_writeable_chroot=YES
so the user will keep in the /var/www