How to set up a user that can use SFTP whilst retaining another user's ownership

  • I have a user ‘canread’ which has read only rights and is owner of files and subdirectories in the directory /www/thedir/
  • ‘Canread’ should never have write rights, not even for a millisecond (for security reasons)
  • I have another user ‘canwrite’ which I want to use to up- and download files to the directory /www/thedir/ via SFTP. So it needs read and write access to directory /www/thedir/
  • I want to make sure that any file uploaded by ‘canwrite’ will always have ‘canread’ as owner (not even get the wrong owner for a second)
  • I don’t want to make ‘canwrite’ part of the same group as ‘canread’ for security reasons
  • I don’t want to use a script or manual process to change ownership after up- or downloading files.
  • I also don’t want to change permissions to another level of the directories and files (no temporary 777 or similar) for security reasons

How can I accomplish this in a secure way?


Solution 1:

Your requirements are hard to fulfil. BTW sshd works this way - it runs as root, during authentication it spawns a process under the sshd user, then it spawns a process under the user who logs in. sftp-server can't make the owner of a file a user other than the one who has logged in.

IMO as you don't want to use shared group, you have only one option.

  • work around it - i.e. always spawn sftp-server via sudo under the canread user. Oh! Yes, but the trick would be to run sftp-server -R (read-only) for the canread user and sudo -u canread /usr/libexec/sftp-server for the canwrite user. You can use ForceCommand or put it into .ssh/authorized_keys. This way, canread would never have write operations permitted (unless there's an OpenSSH bug). And canwrite would in fact read/write files/dirs under canread's permissions.

I would really rethink shared group and use of sgid on dirs.
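
The workaround from Solution 1, written out as configuration. This is an added example, not part of the original answer; the sudoers file name, the extra hardening options and the key placeholder are assumptions, and the sftp-server path is the one quoted in the answer.

```conf
# ---- /etc/ssh/sshd_config (fragment) ----

# canread logs in directly, but only ever gets a read-only SFTP server.
# The read-only guarantee comes from "-R", not from file-system
# permissions, so every other channel into the account is closed as well.
Match User canread
    ForceCommand /usr/libexec/sftp-server -R
    PermitTTY no
    AllowTcpForwarding no
    X11Forwarding no

# canwrite authenticates as itself, but the SFTP server process is started
# as canread, so every uploaded file is created with canread as its owner.
# "sudo -n" fails instead of prompting if the sudoers rule does not match.
Match User canwrite
    ForceCommand sudo -n -u canread /usr/libexec/sftp-server
    PermitTTY no
    AllowTcpForwarding no
    X11Forwarding no

# ---- /etc/sudoers.d/canwrite-sftp (assumed file name; edit with visudo -f) ----

# canwrite may run exactly this binary as canread, without a password.
# The trailing "" forbids any command-line arguments.
canwrite ALL=(canread) NOPASSWD: /usr/libexec/sftp-server ""

# ---- Alternative to ForceCommand: ~canwrite/.ssh/authorized_keys ----

# "restrict" disables PTY allocation and all forwarding for this key.
# <PUBLIC-KEY> is a placeholder for canwrite's real public key.
command="sudo -n -u canread /usr/libexec/sftp-server",restrict ssh-ed25519 <PUBLIC-KEY> canwrite
```

Running `sshd -t` after editing validates the sshd_config syntax before the daemon is reloaded. If the authorized_keys variant is used, the file should not be writable by canwrite, otherwise the forced command can be removed by the user it is meant to constrain.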