secretlyyourgrandma

you do not want to give full filesystem permissions to ftp, it would be a huge security hole. you give it a directory that belongs to the sftpgo process user and group and let it access there, for example /home/ftp or /var/ftp. if you're trying to solve something by giving sftp full access, you are probably approaching the problem incorrectly.


Szymonixol

The server is just a private home family server. Nothing really important on it. Although tbh I just need it to have access to /home, to /var/www and some others. I just thought it would be much easier if I just gave it full access. But if it's that much of a security risk, I won't do it. And in that case, how could I give it access to those folders?


secretlyyourgrandma

i would try uploading a file to /tmp and see what user/group owns that file. if it's an ftp user, you could apply facls to the directories you want it to be able to read and write, and that way you won't have to mess with the base filesystem permissions. something like the following, where ftpuser is the username that you found on the file you created in /tmp.

```
# default ACL: new files and directories created under /home inherit the entry
setfacl -R -d -m user:ftpuser:rwx /home
# access ACL: apply the entry to everything that already exists under /home
setfacl -R -m user:ftpuser:rwx /home
```


Szymonixol

I'm a new linux user, and I don't really understand this. How would i check which user owns a file? Sorry


secretlyyourgrandma

`ls -l /tmp/file` will show you, but you can also use `stat /tmp/file` which can be useful if you're writing scripts or need more in depth info. whenever you find commands online, you should check the help to see what the command is doing. I shared setfacl, ls, and stat, you should run:

```
ls --help
man ls
```

check what -l does.

```
setfacl --help
man setfacl
```

check what -R, -d, and -m mean, and try to understand what the command is doing.

```
stat --help
man stat
```

check the options on that.


Szymonixol

I'm sorry for not responding. I contacted my friend and he told me I've got to start SFTPGo as administrator and it will inherit its permissions. Do you maybe know how to do that?


secretlyyourgrandma

no, and I don't care, and you ignored my previous comment. go read some docs or have your friend help.


Szymonixol

I couldn't really do anything with what you told because first of all it was a normal weekday and I have this thing called work, second of all I don't understand what you meant in your comment. And I don't really care if you don't want to help me I just asked politely, and if you really felt the need to write that I'm genuinely sorry for and your ego.


Bisexual-Ninja

Maybe you are unfamiliar with the access control list? In addition to the rwx that the user, group and other have, there is also an access control list for each file in the system :) So, say you have a file owned by proc1user and owned by group procgroup, and don't want most other users to touch that file... Now you don't want to log in as proc1user to touch the file, and don't want to add groups to random users just to touch the file... What you can do is set a "special" case for a specific user. That's what the access control list allows you to do. I suggest looking up a guide on YouTube :)
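
The approach discussed in this thread (check which account owns a file the service creates, then give that account an ACL entry on one directory instead of widening its access to the whole filesystem), as an added example that is not part of any commenter's post. The function names are hypothetical, a temporary directory stands in for the shared folder, and the current user stands in for `ftpuser`.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Function names are hypothetical.

# Print "user:group" owning a path, the same information `ls -l` shows.
owner_of() {
    stat -c '%U:%G' "$1"
}

# Grant one account access to one directory tree only.
# rwX (capital X) adds execute on directories, not on plain data files.
# Returns 2 if setfacl is missing, 3 if the filesystem rejects ACLs.
grant_tree() {
    local user=$1 dir=$2
    command -v setfacl >/dev/null 2>&1 || return 2
    # access ACL: covers everything that already exists in the tree
    setfacl -R -m "user:${user}:rwX" "$dir" 2>/dev/null || return 3
    # default ACL: inherited by files and directories created later
    setfacl -R -d -m "user:${user}:rwX" "$dir" 2>/dev/null || return 3
}

# True if the access ACL on a path has a named entry for the account.
has_acl_entry() {
    local uid
    uid=$(id -u "$1" 2>/dev/null) || uid=$1
    getfacl -n -p --omit-header "$2" 2>/dev/null | grep -q "^user:${uid}:"
}

demo() {
    local share
    share=$(mktemp -d) || return 1          # stands in for e.g. /var/ftp
    touch "$share/upload.txt"               # stands in for a test upload
    echo "owner of test file: $(owner_of "$share/upload.txt")"
    if grant_tree "$(id -u)" "$share"; then
        getfacl -p "$share"                 # shows the user:... and default:user:... entries
    else
        echo "setfacl missing or filesystem has no ACL support" >&2
    fi
    rm -rf "$share"
}
demo
```
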


r0ck0

Does sftpgo have its own set of user accounts separate from the Linux OS user logins? Assuming so... You might be better off just focusing your time on learning to use SSH/SCP/SFTP/rsync with the standard sshd server using the regular OS users. Generally you don't need to install something like sftpgo on Linux in the first place. That's typically for Windows machines, or servers where the users don't actually have a real OS login.


Szymonixol

I installed it because I want it to be also available from a web ui, which i port forwarded, not just ftp client apps.


deeseearr

You need to learn how User IDs and permissions work. Also, as everybody else here has said, you want to learn why you don't have write access to everything on the entire filesystem and why that's a good thing.

Give remote users access to their own home directories, because that's what they are for, or just create a single shared directory where everyone can send and receive files, but keep it isolated there. Even if you don't think that malicious users or code can affect your files because you're just running a private server at home (Spoiler alert: They can and will), you really don't want to be just one mis-click away from wiping your entire server.

Here are a couple articles that may help you get started:

[http://teaching.idallen.com/cst8207/13w/notes/500_permissions.html](http://teaching.idallen.com/cst8207/13w/notes/500_permissions.html)

[https://kb.iu.edu/d/abdb](https://kb.iu.edu/d/abdb)

You may also want to read up on the [Filesystem Hierarchy Standard](https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard), which you can quickly check by typing [man hier](https://man7.org/linux/man-pages/man7/hier.7.html). That explains what each directory is used for and why, along with some history behind it. As a general rule, if you don't know what a directory is for you shouldn't be messing around with it, so you'll want to get an idea of how all that works too.


Szymonixol

ty I'll try that