Automatically change ownership using WinSCP?

I saw several threads about having issues with unexpected file permissions after file upload. I tried their solutions with no luck, I have to raise the problem in my way.

I run Nginx as nobody:nogroup on Debian 6. I changed the root web folder /usr/share/nginx/html to nobody:nogroup. Now I use WinSCP to upload file to the machine , but I use root account. If I create a new directory or update a new file, the ownership would be root:root. I am new to Linux world, I currently open a shell to change ownership of wwwroot after I have uploaded something to my server.

What is the best practice to upload file as root, but keep files and directories nobody:nogroup? Shall I set a password to account nobody and use this account to upload files?


Solution 1:

You can change group of the upload directory chgrp nogroup UPLOAD_DIR and set group ID on it chmod g+s UPLOAD_DIR - files created in this directory will have group nogroup. You can set default rights using umask 002 (perhaps when starting WinSCP session?) and all files will have rw rights for group. The owner will still be root, but the Nginx process should be able to manage files through nogroup membership.

Solution 2:

I do not know of any automatic solution for new files. Though, if you find that you need to keep changing the ownership manually, you can make use of various WinSCP features to make your life easier.

WinSCP allows changing ownership in the GUI (though if you use OpenSSH server, you have to use numeric GID/UID).

Alternatively, you can execute the chown command from WinSCP itself to avoid opening separate shell terminal. You can even setup a custom command chown nobody:nogroup . in WinSCP to speed this up.

You can even assign a keyboard shortcut to the command to make this even easier:

enter image description here

For updating files, make sure you disable transfer setting Transfer to temporary filename as this effectively creates a new file for every transfer (by default for files over 100 KiB only). When disabled, WinSCP only updates an existing file, so the ownership is preserved.
https://winscp.net/eng/docs/resume#automatic
https://winscp.net/eng/docs/ui_pref_resume