VSFTP Chown Upload file
Hello all. I am trying to figure out the correct permissions to facilitate this.
I have a multi tenant Apache webserver, with VSFTP installed on it. Apache is running as Apache. The desired goal is to have all files uploaded by any user be owned by Apache. Each website folder is owned by a security group. FTP users are created and then assigned to this group. The group chmod should be g+s to always retain the group owner to allow different users within the security group to delete or overwrite files uploaded by another user. This configuration confuses me, should I be using a chown in the vsftp.conf file, or a set of complex permissions? This is a sample of what I am using, and its not working exactly as I need: sudo chmod -R 770 /srv/www/vhosts/websitefolder sudo chmod -R 770 /srv/www/vhosts/websitefolder/webroot sudo chown -R apache:securitygroup /srv/www/vhosts/websitefolder sudo setfacl -m g:apache:rwx /srv/www/vhosts/websitefolder sudo setfacl -m d:g:securitygroup:rw /srv/www/vhosts/websitefolder sudo chmod -R g+s /srv/www/vhosts/websitefolder/webroot sudo chmod -R g+s /srv/www/vhosts/websitefolder |
dir structure looks like SuSe..
you can set umask for uploaded files and file open permissions in conf file, something liek this would be a help: Code:
local_umask=022 |
This was a set if permissions used in a SuSue box, but we are now using a CentOS box, so if the ands are now no longer appropriate, maybe that's why things aren't working right.
The main goal aside from the 755 you provided above is to also retain Apache as the owner no matter who uploads the file. The group owner has users X Y and Z in them. So user X should be able to upload an index.php file, and the owner remains apache. User Z should be able to delete and it overwrite the index.php file based on sticky but using g+s? Zack |
Quote:
you can have your own set of permissions defined over there. |
Minus the 755 permissions, what I am trying to enforce is that no matter who uploads content, that Apache owns the files as the user. The user that is in the security group should also be able to upload files, any user in the security group, and have the U of Apache own it, and the Group of own the file.
Some how moving from SuSe to Cent this behavior has changed. I understand the Umask etc, its the User / Group sticky bit I need to resolve in my opinion. |
So do you think you have read and tried all about vsftpd details, since you are using centos did you checked all context applied to the dir ?
Code:
chown_uploads=YES |
All times are GMT -5. The time now is 09:52 PM. |