centos+nginx+php, directory permissions setting issue after using FTP tool

Background:
Website use nginx+php-fpm , run account for nginx:nginx , ftp account for test:ftp ;

Site root directory is /user/share/nginx/html/www ;

ftpTools for vsftpd ;

Now the site can be used normally, but the local use filezilla can not upload files, hints 553 Could not create file. , the following drawings:

Problem:
How to set www the directory permissions, in order to ensure that the security of the situation, nginx and ftp all can be used normally?

Reply content:

Background:
Website use nginx+php-fpm , run account for nginx:nginx , ftp account for test:ftp ;

Site root directory is /user/share/nginx/html/www ;

ftpTools for vsftpd ;

Now the site can be used normally, but the local use filezilla can not upload files, hints 553 Could not create file. , the following drawings:

Problem:
How to set www the directory permissions, in order to ensure that the security of the situation, nginx and ftp all can be used normally?

Although it may be irrelevant, but my suggestion is that each site with a separate user to run, the site related to all the files belong to the user, so that the site can be done between the permissions of the separation between the services. FTP also uses the owning user to log in.

Add test to the WWW user group, and then 775 should be available.
Usermod-a-G www test
chmod 775-r/user/share/nginx/html/www

Try removing the passive mode of the FileZilla, or vsftpd turn on the passive mode

/etc/vsftpd/vsftpd.conf End Append

pasv_enable=YESpasv_min_port=40000pasv_max_port=40080pasv_promiscuous=YES

/etc/sysconfig/iptables Open Port

-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 21 -j ACCEPT-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 40000:40080 -j ACCEPT

Restart Iptables & VSFTPD

Hello, I also met the same problem with you today, the site uses NGINX+PHP-FPM, the operation of the account for the NGINX:NGINX,FTP account for the myname:ftp; The root directory of the website is/user/share/nginx/html; I studied it. , the method is as follows, for reference:

First edit "vsftpd.conf":

vim /etc/vsftpd/vsftpd.conf

At the end of the document, add:

guest_enable=YES #启用vsftpd虚拟用户guest_username=nginx #虚拟用户对应的系统用户，我安装的是 nginx#pam_service_name=vsftpd #启用 vsftpd 验证，如果文档里有这一行就注释掉user_config_dir=/etc/vsftpd/vu_conf #虚拟用户配置文件路径virtual_use_local_privs=yes #启用vsftpd虚拟用户，并且虚拟用户和本地用户有相同的权限。

When finished, press ESC to enter: WP Save and exit. Then go to the "vsftpd" directory:

cd /etc/vsftpd

Create a directory "vu_conf":

mkdir vu_conf

Then enter this directory:

cd vu_conf

Create a file "MyName" with the same name as the virtual user name:

touch myname

Then open this file:

vim myname

Press I keyboard to enter the editing mode, enter the corresponding path for this user "local_root=/usr/share/nginx/html" and then press Save to exit. Finally restart VSFTPD:

service vsftpd restart

