Eric Wagar wrote:
I have an Apache web server with a few virtual hosts. The ftp is handled by proftpd, and I have multiple users defined. These users have their own uid and gid. The problem comes when Apache is uid apache and needs to write to the said directory.
If I have a directory that I want multiple users to write to, this is what I do.
I am wondering what other people have done to deal with this. Do people just set all the ftp users uid/gid to the same as the Apache uid/gid on the system? Obviously this would be an ok solution because apache uid/gid != root.
What are the other ways you guys have dealt with this?
Thanks
eric
Create a group (any name will do)
# groupadd ftp_users
Edit the /etc/group file (there are tools to do this, but vi or emacs are what I prefer)
Change the line (your gid will probably be different)
ftp_users:x:503:
to
ftp_users:x:503:apache,user1,user2,user3,user4
Create a shared directory
# mkdir /var/ftp/pub/shared
Make the directory group owned and writable by ftp_users
# chgrp ftp_users /var/ftp/pub/shared
Set the permissions to allow anyone in that group to write to that directory. Also make the directory setgid. This is important, as the sticky bit, as it is called, will preserve permissions for all files and subdirectories created in that directory.
# chmod g+w,g+s /var/ftp/pub/shared
The directory should look like this.
# ls -ld /var/ftp/pub/shared
drwxrwsr-x 2 root ftp_users 4096 Dec 16 12:12 /var/ftp/pub/shared
Now anyone who is in group ftp_users, including apache, will be able to write into that directory and people will be able to read and write the files they create. The group members do have to trust each other, but no one else outside the group. Also any files that are created will be owned by the UID who created them, so you know who put them there in the first place. There are of course other permission schemes that can require more or less trust between group members, but this is usually what I do for a shared directory among various users, or daemon UID.
Terrence
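
A way to check that a shared tree still matches the scheme in the reply above, as an added example that is not part of the original thread. The function name audit_shared_dir is hypothetical; it reports directories that lost setgid, entries in the wrong group, entries the creator's umask left without group write (a setgid directory passes on its group, while the mode of each new file still comes from the creating process's umask), and world-writable entries.

```shell
#!/bin/sh
# Added example: audit a shared directory tree against the scheme above.
# audit_shared_dir is a hypothetical helper name, not a system tool.
# Usage: audit_shared_dir DIR GROUP   (GROUP may be a name or numeric gid)
# Prints one finding per line; prints nothing when the tree is consistent.
audit_shared_dir() {
    dir=$1
    group=$2

    # Directories missing setgid: files created there get the creator's
    # primary group instead of the shared group.
    find "$dir" -type d ! -perm -2000 -exec printf 'no-setgid %s\n' {} \;

    # Entries that are not owned by the shared group.
    find "$dir" ! -group "$group" -exec printf 'wrong-group %s\n' {} \;

    # Entries other group members cannot modify (the creator's umask
    # removed group write). Symlink modes are meaningless, so skip them.
    find "$dir" ! -type l ! -perm -020 -exec printf 'not-group-writable %s\n' {} \;

    # Entries writable by users outside the group.
    find "$dir" ! -type l -perm -002 -exec printf 'world-writable %s\n' {} \;
}

# Run against the directory from the post when invoked with arguments, e.g.
#   sh audit.sh /var/ftp/pub/shared ftp_users
if [ "$#" -eq 2 ]; then
    audit_shared_dir "$1" "$2"
fi
```

Run from cron, any output is a signal that the FTP daemon's or Apache's umask, or a manual chmod, has drifted from the intended permissions.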