NGINX, FastCGI PHP with FTP Access, How to setup users/permissions?

Solution 1:

First things first, setup separate Unix accounts for each user. Associate those accounts with the FTP server. Although really, you should use Secure FTP via SSH. With newer versions of OpenSSH, you can setup "SFTP-only" accounts that are Chrooted into that user's home directory. Bam! Now you have users securely logging into their own home directories with no visibility to the entire file system. Files are written using their own user/group permissions.

Then, you can setup FastCGI to run with individual user permissions. It looks complicated, but there is a tutorial available here: How to setup FastCGI with Individual Permissions

This is probably the best approach (albeit the most complex) if you are trying to setup shared hosting for various users, especially if they are "untrusted" users. In this way, no one will be able to use PHP scripts to mess up each other's files.

If you can live with the fact that a user can maliciously access another user's files, you can continue to let FastCGI run as www-data. Then, when you setup each user's home directory, make the files owned by www-data GROUP. Then, set the switch bit in chmod (i.e. chmod 2770 instead of just 770). This will force newly created files to inherit the www-data group owner and allow FastCGI to read/write them.

Phew! That was long-winded. Let me know how it turns out by posting a comment here!