LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   VSFTP Chown Upload file (https://www.linuxquestions.org/questions/linux-newbie-8/vsftp-chown-upload-file-4175487740/)

rzp78 12-12-2013 12:37 PM
VSFTP Chown Upload file
 
Hello all. I am trying to figure out the correct permissions to facilitate this.

I have a multi tenant Apache webserver, with VSFTP installed on it. Apache is running as Apache. The desired goal is to have all files uploaded by any user be owned by Apache. Each website folder is owned by a security group. FTP users are created and then assigned to this group. The group chmod should be g+s to always retain the group owner to allow different users within the security group to delete or overwrite files uploaded by another user.

This configuration confuses me, should I be using a chown in the vsftp.conf file, or a set of complex permissions? This is a sample of what I am using, and its not working exactly as I need:

sudo chmod -R 770 /srv/www/vhosts/websitefolder
sudo chmod -R 770 /srv/www/vhosts/websitefolder/webroot
sudo chown -R apache:securitygroup /srv/www/vhosts/websitefolder
sudo setfacl -m g:apache:rwx /srv/www/vhosts/websitefolder
sudo setfacl -m d:g:securitygroup:rw /srv/www/vhosts/websitefolder
sudo chmod -R g+s /srv/www/vhosts/websitefolder/webroot
sudo chmod -R g+s /srv/www/vhosts/websitefolder

SAbhi 12-12-2013 08:11 PM
dir structure looks like SuSe..
you can set umask for uploaded files and file open permissions in conf file, something liek this would be a help:
Code:
local_umask=022
file_open_mode=0777
Above would effect in permissions of 755 by default to be set.

rzp78 12-13-2013 12:22 PM
This was a set if permissions used in a SuSue box, but we are now using a CentOS box, so if the ands are now no longer appropriate, maybe that's why things aren't working right.

The main goal aside from the 755 you provided above is to also retain Apache as the owner no matter who uploads the file. The group owner has users X Y and Z in them. So user X should be able to upload an index.php file, and the owner remains apache. User Z should be able to delete and it overwrite the index.php file based on sticky but using g+s?

Zack

SAbhi 12-14-2013 01:01 AM
Quote:
Originally Posted by rzp78 (Post 5080190)
This was a set if permissions used in a SuSue box, but we are now using a CentOS box, so if the ands are now no longer appropriate, maybe that's why things aren't working right.

Zack
THe above permissions are for vsftpd and not for SuSe or any specific distro..
you can have your own set of permissions defined over there.

rzp78 12-14-2013 11:34 AM
Minus the 755 permissions, what I am trying to enforce is that no matter who uploads content, that Apache owns the files as the user. The user that is in the security group should also be able to upload files, any user in the security group, and have the U of Apache own it, and the Group of own the file.

Some how moving from SuSe to Cent this behavior has changed. I understand the Umask etc, its the User / Group sticky bit I need to resolve in my opinion.

SAbhi 12-14-2013 10:58 PM
So do you think you have read and tried all about vsftpd details, since you are using centos did you checked all context applied to the dir ?

Code:
chown_uploads=YES
chown_username=some_username
How about these values ?


All times are GMT -5. The time now is 09:52 PM.