I do not recommend having a set up like this due to the multiple security vulnerabilities that it presents. There are much better and more secure ways to develop and deploy to a server. If you can use WebDAV, scp, etc.

If you still wanted to do this, there are some configurations you need to make, in order to have that ftp user upload files and have them be saved with the proper ownership and permissions, so that the webserver can still serve them.

This how-to is for Debian or any Debian derivative like Ubuntu. The set up would be almost identical for any other Linux distro, but you might have to use a different package manager instead of aptitude to install vftpd and the root of the web server might have a different path instead of /var/www.

1. Install vsftpd if you have not yet done so:

sudo apt-get install vsftpd

2. Edit /etc/vsftpd.conf. Here we will allow local users to ftp and set the default permissions (umask) for the files they upload. Make sure that the following is uncommended/added in the file:


For the mask to work properly (even without anonymous access) it seems necessary to set anon_upload_enable=YES and anon_mkdir_write_enable=YES. If these are not set, writing, reading and executing will not be allowed for groups or others on files uploaded via ftp (even though the standard privileges may be set for something else).

Here, file_open_mode sets the default setting of files. 777 makes it readable, writable and executable for anyone. With local_umask set to 002, this gives you 775, as you requested.

Notice that local_umask defaults to 077, disabling groups and others to access files in any way (hence it is set here).

3. Restart the vsftpd to pick up the changes:

sudo service vsftpd restart

4. Create a local user that will be used for ftp (in our case we will call him ftpuser) and set the home directory to /var/www

sudo adduser ftpuser
sudo usermod -d /var/www -m ftpuser

5. Add the ftpuser to the www-data group

sudo usermod -a -G www-data ftpuser

6. Set the correct permissions on /var/www

sudo chgrp -R www-data /var/www
sudo chmod -R g+w /var/www

7. Make the directory and all directories below it “set GID”, so that all new files and directories created under /var/www are owned by the www-data group

sudo find /var/www -type d -exec chmod 2775 {} \;

8. Find all files in /var/www and add read and write permission for owner and group

sudo find /var/www -type f -exec chmod ug+rw {} \;
How to create an ftp user and allow write to the apache root directory with proper permissions

6 thoughts on “How to create an ftp user and allow write to the apache root directory with proper permissions

  • October 27, 2015 at 10:32 am

    so that means that i will have to change permissions for each file that i will upload?
    Is there a way to change definitely permissions for all the files i will upload in the future?

  • November 19, 2015 at 9:34 pm

    No, That is why you set the umask (see step 2). All files will be saved with the proper permissions. You don’t have to go in after that and change their permissions.

  • December 15, 2015 at 4:13 pm

    Worked for me on my Raspberry Pi2 running Raspbian Jessie.

  • May 24, 2018 at 2:59 pm

    Just wanted to thank you for this article. I’ve been using this method for a while now with my vsftp server and thought that I’d just give my thanks. Works perfectly.

  • May 30, 2018 at 6:43 am

    The file_open_mode=0777 does not work (anymore) made me search half a day to identify this error.

  • November 26, 2018 at 6:59 pm

    Thank you for this is work very well for me. I add some line in /etc/vsftpd.conf

    so the user will keep in the /var/www

Leave a Reply

Your email address will not be published. Required fields are marked *