Managing Linux Directory Permissions & SFTP
Posted by Dizzle on Server Fault
Published on 2012-06-04T16:18:53Z
Good morning; I have a RHEL 5.7 web server configured to allow SSH/SFTP only by specific groups. I'd like for content managers to upload content to their respective directories and have that content inherit the user/group ownership of the directory regardless of upload method or application. For example:
- John is in group "web" for SSH/SFTP rights and "finance" for directory permissions, and uploads to directory "webstuff" via SFTP.
- Directory "webstuff" has permissions of "2760" (rwxrws---), and ownership of "apache:finance".
If John uploads an update to an existing file in "webstuff", the ownership of the file stays at "apache:finance". If John uploads a new file to "webstuff", the ownership of the file is "john:finance".
My desire is to have any file John uploads to "webstuff" change to the directory's owner. I've tried with setuid and setgid both set, but the user ownership didn't take. I've seen mentions on Server Fault of using ACLs or a chrooted jail for SFTP, but I have yet to configure and test them, and I don't know if they're a viable solution (they could be, I just don't know because I've never done either). Any thoughts and assistance would be greatly appreciated.
© Server Fault or respective owner
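The behaviour described in the question (the setgid bit passes the directory's group to new files, while the owner stays the uploading user) can be checked across a whole upload tree. The script below is an added example, not part of the original post; the function name `audit_tree` and the output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report entries under an upload
# directory whose ownership has drifted from the directory's own.

audit_tree() {
    dir=$1
    # Numeric owner and group of the top directory (apache:finance in the post).
    ids=$(ls -ldn -- "$dir" | awk '{print $3 ":" $4}')
    top_uid=${ids%%:*}
    top_gid=${ids##*:}

    # New files keep the uploader's uid, so these are the "john:finance" cases.
    find "$dir" ! -user "$top_uid" -exec printf 'owner-drift %s\n' {} \;
    # Group differs: created before setgid was set, or changed afterwards.
    find "$dir" ! -group "$top_gid" -exec printf 'group-drift %s\n' {} \;
    # Subdirectories without setgid stop passing the group down.
    find "$dir" -type d ! -perm -2000 -exec printf 'no-setgid %s\n' {} \;
}

# Usage: sh audit.sh /path/to/webstuff
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Run it as a user who can read the whole tree; an empty result means every entry matches the top directory's owner and group and every subdirectory carries setgid.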