Sounds like the way the script is set up through oxwall. Just a guess.

Here's a snip from the syslog:

Mar 18 09:26:50 www2 pure-ftpd: (?@10.1.1.55) [INFO] k******c is now logged in
Mar 18 09:26:57 www2 pure-ftpd: (?@10.1.1.51) [INFO] New connection from 10.1.1.51
Mar 18 09:26:57 www2 pure-ftpd: (?@10.1.1.51) [INFO] k******c is now logged in
Mar 18 09:26:57 www2 pure-ftpd: (kadidlesrc@10.1.1.51) [INFO] Can't change directory to web9: No such file or directory
Mar 18 09:26:57 www2 pure-ftpd: (kadidlesrc@10.1.1.51) [INFO] Can't change directory to clients: No such file or directory
Mar 18 09:26:57 www2 pure-ftpd: (kadidlesrc@10.1.1.51) [INFO] Can't change directory to clients: No such file or directory
Mar 18 09:26:57 www2 pure-ftpd: (kadidlesrc@10.1.1.51) [INFO] Can't change directory to client1: No such file or directory
Mar 18 09:26:57 www2 pure-ftpd: (kadidlesrc@10.1.1.51) [INFO] Can't change directory to web9: No such file or directory
Mar 18 09:26:57 www2 pure-ftpd: (kadidlesrc@10.1.1.51) [ERROR] Can't create directory: No such file or directory


I really need to figure this out, as we have a client asking now.

Okay, found it.  If you use ispconfig, do the following for each site.  Replace clientXXX with the correct clientID (always starts with client) and the webXXX with the correct web ID.

# cd to site directory /var/www/clients/clientXXX/webXXX
# mkdir -p var/www/clients/clientXXX/webXXX
# cd var/www/clients/clientXXX/webXXX
# ln -s ../../../../../web www
# ln -s ../../../../../web web
# chown webXXX:clientXXX var -R

This makes the phone structure that oxwall needs to find the files.  Oh, and don't forget to create the ftpuser.  It's different from the file system user and not made automatically.

Don't "Fix" the paths above, the var/www/clients/clientXXX/webXXX should NOT have a / in front, your making a phony /var path because the chroot won't let ftp users get to the real one.

Michael,

If possible, could you please provide little more explanation? I am trying to under this. Hope you have some time to help me on this to understand.

Basically, what happens is that oxwall is trying to move through the path that apache sees.  That path isn't available in a high security system such as ours, so what I ended up doing is making path available that lets oxwall "think" it's changing directories, but in reality all it's doing is going through empty directories and when it gets to the goal (www or web) those are simply symlinks back to the real ones back in the user root directory.

The tricky part was getting the links to work.  Absolute links would have broken, so they have to be done weird to make the relative and to actually mean something.  A better way would be to allow the admin to override what oxwall sees as the path (call it ftp path or something) however I couldn't wait that long, and I'm loath to butcher others work.  I don't particularly like the way ftp info is stored, its not super safe, however if you know what your doing and destroy the session after uploading it isn't too bad.

Hope this helps.  And again, this is only an issue with a fairly tightly secured server.  Servers with cPanel or Plesk are probably okay, since they let you do things no user should ever be able to do, which of course makes the ftp issue a real problem.  Best thing is to be on dedicated hosting, I hope everyone here needs it. :D

Thanks for your explanation. I understood tha now.

 

Even my cpanel based server does not allow this.

They finally cleaned that up.  It was one of the reasons we chose not to use them, that and the easily hacked out of jail shell it uses.  I does make setting up scripts easier when the FTP can see the whole path, but can be dangerous if a user accidentally sets their home directory permissions wrong.  Of course it's the hosts fault if they screw themselves up, but that's a topic for another forum. :D

Can you give me some advise how we can overcome?

Please let me know what steps I should do now for FTP to work?

I don't have access to SSH.

Not sure it can be done without a shell, as you need the symbolic link, and I don't think that's supported in FTP.  If the file manager they are using has that ability, it could be done, but I'm not familiar enough to guide you through it.

Thanks. I guess there should be some way that Oxwall should change its method on using FTP.. Can you figure it out? You seems to be an expert on this. :)

I don't know about expert, we were working on another site after an update and I felt very stupid.  Seems the new version of ISPConfig set the immutable attribute in linux.  Chased my tail for 14 hours before I realized what was messing it up, and then of course a chattr -i /var/web/clients/clientx/webx fixed everything up.  If you can't do the mkdir -p command, this is likely the issue.

I'd love to see the FTP thing go away.  Sorry, I've built tons of sites that didn't need to do this, either by allowing the script write permissions to certain directories, or by allowing you to direct ftp it up yourself without all the hassels.  Oxwall needs to clean this mess up, it's the biggest detraction from the system.

Purusothaman, you really should consider hosting with someone that will give you ssh access.  I know Hostgator does this.  You'll have a jailed shell, but honestly, if the shells aren't jailed, they are not a real hosting company.  Monster security risk allowing users outside of their personal jails

Many appologies for not checking in sooner.  I always forget to look for the little notification on the top.  Guess I should let the system e-mail me. :D

Thanks Micheal for the update. I don't have any personal oxwall websites so I am not in need urgently. I use just for testing and demo. But many others will get benefit out of your time and analysis. Thanks again.