I'm getting stuck with user permissions on a LAMP stack (using DigitalOcean, if it matters). Here's my setup.

User dev has the following groups: dev www-data

The /var/www folder has been set so that the owner is www-data:www-data, it looks like this:

 drwxrwxr-x  3 www-data www-data 4096 Mar 30 17:41 www

If I use the dev user to sftp in, everything looks good, but if I then upload a file, the new file has the ownership of dev:dev.

This becomes a problem when I have a new user called dev2 that is also working in the same directory, as they can't delete or overwrite the files that belong to dev.

My experience with users is unfortunately limited to using cPanel, where I can create multiple FTP users that don't have this access/overlap issue. How can I do this via terminal?

Aninemity

1 Answer

The g+s bit on directories will impose the group-of-the-parent-directory (BSD style) instead of the default group-of-the-process (SysV style). So, something like

chmod g+s /var/www

(and also on any subdirectories) should cause the www-data group to be preserved on the creation of new files thereunder. Another option may be to use the so-called POSIX ACLs (see setfacl(1)), which, while more complicated, can allow multiple groups to access the files. (You may end up with some cron jobs to audit/set the permissions, regardless, or configuration management can also enforce permissions on a directory tree, depending on how much trouble you want to go to.)

thrig
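The setgid approach and the audit job mentioned in the answer above, as an added example that is not part of the original answer. The function names share_audit and share_fix are hypothetical, and the requirement that every group member gets write access is an assumption; /var/www and www-data come from the question.

```shell
#!/bin/sh
# Added example: audit and repair a group-shared tree such as /var/www.
# share_audit / share_fix are hypothetical helper names; GROUP may be a
# group name (www-data in the question) or a numeric gid.

# List entries that defeat the sharing scheme described in the answer.
share_audit() {
    dir=$1 group=$2
    # Directories without setgid: files created inside get the creator's
    # own group (dev:dev) instead of the directory's group.
    find "$dir" -type d ! -perm -2000 -print | sed 's/^/no-setgid: /'
    # Entries already owned by some other group (symlinks skipped).
    find "$dir" ! -type l ! -group "$group" -print | sed 's/^/wrong-group: /'
    # Assumption: every member of the group needs write access.
    find "$dir" ! -type l ! -perm -020 -print | sed 's/^/not-group-writable: /'
}

# Repair the tree. Run as root, or as an owner who is a member of GROUP.
share_fix() {
    dir=$1 group=$2
    chgrp -R "$group" "$dir"
    # chmod after chgrp so the setgid bit is applied to the final group.
    find "$dir" -type d -exec chmod g+rwxs {} +
    find "$dir" -type f -exec chmod g+rw {} +
}
```

Running `share_audit /var/www www-data` from cron reports drift without changing anything. The mode of newly uploaded files still comes from the uploading user's umask, so group write on new files needs a umask such as 002.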