I have a folder named "digitalgoods" with the following ownership — apache:apache residing outside of the htdocs folder and is therefore not accessible to the public. However I need the same folder to be accessible by a set group of users (Jack, John, James) — we'll call them all "uploaders".
I want the "uploaders" to be able to each upload files as easily as possible to the "digitalgoods" folder, where apache can then access to serve via purchase.
My question is what is the best way to set this up?? I am currently using SSH to access the server, but would it make more sense to install an ftp server for the users to gain access; and if so, what should I do from there in regards to accounts and permissions? Or should I set each user's home directory to "digitalgoods" and in some manner modify the permissions appropriately for access via SSH?
I am attempting to make uploading files as painless as possible for the client. Any help in this regard is appreciated.
Best Answer
There are 2 solutions using 2 different ftp servers
1 - Use proftpd with the VirtualServer feature and with a local user force. Snippet of a config file of mine:
Create the 3 users, and let them use the ftp. They will be "chrooted" to
/var/www/digitalgoods
and any file uploaded will have the permissions set toapache:apache
2 - Use vsftpd chroot, and create 3 users with the same userid than apache AND same home dir that will be chrooted(yeah, that´s a kludge but it shall work):
Contents of
/etc/vsftpd/vsftpd.conf
Since we are using least privilege, we will have to declare the logins that will access this ftp at
/etc/vsftpd/user_list
Create 2 users (
/etc/passwd
) and use the same userid of the apache user(again, its a damn kludge but at least you will have 2 users uploading to their chrooted homes with the same permission). With thecheck_shell=NO
you don´t need to give a valid shell to those users