Best practise for proftp User and Group setting with mod_sql

proftpd

Solution 1:

These settings have no direct relation, beside that both could cause proftpd processes running as that user to appear.

The first ones control to which user ID the master process switches after initializing with full root privileges to be able to get all the privileges it needs.

The other (SQL) Settings are default values that only come into play if users are authenticated with mod_sql and the queries used for that do not return that information. So it depends on Your SQL setup whether they are used at all. If they apply to such SQL-authenticated users then the processes handling the sessions for the users will run with that UID/GID - and are used by the operating system to do file-system permission checks and as default owner/group for newly created files and folders.

How You want to setup any non-system authentication like SQL depends on Your need.

If all the users in the database are chrooted to some distinct directory and are no shell Users or such, it may be ok and convenient if they share all one User-ID/Group-ID which You probably would also define as operatingsystem-user/-group to have the files and processes listed in shell with some known name. Same can apply for some shared Write-Only, Read-Only or even Read-Write Direcories assigned to the user where it is ok or wanted that all the users have the same permissions.

If You want to share some data between the users or if they or some of them shall access the files they have permissions for via FTP also from shell etc. You may want to have unique User-IDs and some Groups the users are individually or generally assigned to. But in that case You either need to create the users as system users additionally or direct the system to also use the SQL User-DB, or You have to cope with the different numeric IDs assigned on operating system level. It would also be possible to use the UID as some kind of primary group, so having users with similar or same permissions sharing one UID.

In the end it really only depends on what You want to be the outcome - and how users (besides root) access the system. And on whether You already have some default setups that You want to adopt instead of making it different all the time without real need for that.

Related

What are the minimal permissions for WMI access to processes CommandLine?
nginx / ssl: Always redirect to one of two https subdomains [duplicate]
Load balancing Bind9 with Keepalived and LVS
HP ProLiant disk failure, proceed or do not proceed
ethernet cable is connected but It shows unplugged [closed]
Prevent from shell script executing by Apache
How to make NGINX redirect from http to https?
MySQL shutting down without warning, out of memory?
Block some website in Linux machine
How do i enforce duplex printing on Server 2012
Can an IP Address be used as the FQDN when requesting a SSL Certificate?
Server problems, running out of RAM, really high load average