# Apache: upload file



## RedDevil (Apr 12, 2011)

Hi,

I have a web server running Apache on FreeBSD (user www is used to run Apache).

I would like some local users to be file administrators of their own site on this server, i.e. I would like jdoe to be able to upload files in the "SITE1" folder inside the Apache document root. 

I have installed vsftpd on this web server and configured it to chroot local users, I have also give them access to the target folders (inside the Apache document root) with the *mount_nullfs* command. 

My problem is when one of these users uploads a file on a folder inside the document root, this file is no longer available from web browsers because it is not owned by the www user. Is there a simple way to allow access to these pages uploaded by local users?

Maybe there is a better way to upload files on web servers ?

Thanks in advance for your answers. 
RedDevil


----------



## mamalos (Apr 12, 2011)

As you say, jdoe uploads files to SITE1. Change your group ownership of SITE1 to www, and give this folder the right permissions (something like 710, or 750). Then, depending on your users' umask, everything should work as expected.

As far as your second part of the question is concerned, yes there are myriads of alternatives to let your users write in some webserver's directory, like *scp*, *sftp*, *webdav*, adhoc-webpage, to name a few. Nevertheless, ftp is one of the best choices, if configured and secured correctly.


----------



## SirDice (Apr 13, 2011)

RedDevil said:
			
		

> My problem is when one of these users uploads a file on a folder inside the document root, this file is no longer available from web browsers because it is not owned by the www user.


Files do not need to be owned by the www user (and from a security standpoint it's better if they never are). As long as the www user has read access to the file, it should work fine. Usually permissions like 644 (for files) and 755 (for directories) are good enough.


----------

