Setting up Pure-FTPd with admin/user permissions for same directory

I need to set up 2 Pure-FTPd accounts - ftpuser and ftpadmin. Both will have access to a directory that contains 2 subdirectories - upload and downlaod. The permissions criteria needs to be as follows:

  • ftpuser can upload to /upload but cannot view the contents (blind drop).
  • ftpuser can download from /download but cannot write to it.
  • ftpadmin has full read/write permissions to both, including file deletion

Currently, the first two are not a problem - disabling /upload read access and /download write access for ftpuser did the job. The problem is that when a file is uploaded by ftpuser, it's permissions are set to 644, meaning that user ftpadmin can only read it (note that all FTP directories are chown'd to ftpuser:ftpadmin). How can I give ftpadmin the power he so rightfully deserves?


Solution 1:

Starting the process with a different umask (-U) flag set will solve the permissions issue. For example:

/usr/sbin/pure-ftpd -U 113:002 &

Note that each umask number is subtracted from 7 to get the final permissions:

113:002 results in 664 for files and 775 for directories.

Solution 2:

In your /etc/pure-ftpd.conf, set your Umask to 003:002.

This will set your permissions to -rwxrwxr-- for files and drwxrwxr-x for directories. If you don't need execute permissions, then change the Umask to 113:002 which is -rw-rw-r-- for files and drwxrwxr-x for directories. Pure-FTPd base umask is 777 and any umask subtracts from the base.

Solution 3:

Just set the sgid bit on the top dir, since group is already set correctly you're done.