Setting up Pure-FTPd with admin/user permissions for same directory
I need to set up 2 Pure-FTPd accounts - ftpuser and ftpadmin. Both will have access to a directory that contains 2 subdirectories - upload and downlaod. The permissions criteria needs to be as follows:
- ftpuser can upload to /upload but cannot view the contents (blind drop).
- ftpuser can download from /download but cannot write to it.
- ftpadmin has full read/write permissions to both, including file deletion
Currently, the first two are not a problem - disabling /upload read access and /download write access for ftpuser did the job. The problem is that when a file is uploaded by ftpuser, it's permissions are set to 644, meaning that user ftpadmin can only read it (note that all FTP directories are chown'd to ftpuser:ftpadmin). How can I give ftpadmin the power he so rightfully deserves?
Solution 1:
Starting the process with a different umask (-U) flag set will solve the permissions issue. For example:
/usr/sbin/pure-ftpd -U 113:002 &
Note that each umask number is subtracted from 7 to get the final permissions:
113:002 results in 664 for files and 775 for directories.
Solution 2:
In your /etc/pure-ftpd.conf
, set your Umask to 003:002.
This will set your permissions to -rwxrwxr--
for files and drwxrwxr-x
for directories. If you don't need execute permissions, then change the Umask to 113:002 which is -rw-rw-r--
for files and drwxrwxr-x
for directories. Pure-FTPd base umask is 777 and any umask subtracts from the base.
Solution 3:
Just set the sgid bit on the top dir, since group is already set correctly you're done.