Eric Wagar wrote:
I have an Apache web server with a few virtual hosts. The ftp is
handled by proftpd, and I have multiple users defined. These users have
their own uid and gid. The problem comes when Apache is uid apache and
needs to write to the said directory.
I am wondering what other people have done to deal with this. Do people just
set all the ftp users uid/gid to the same as the Apache uid/gid on the
system? Obviously this would be an ok solution because apache uid/gid !=
root.
What are the other ways you guys have dealt with this?
Thanks
eric

If I have a directory that I want multiple users to write to this is
what I do.
Create a group (any name will do)
# groupadd ftp_users
Edit the /etc/group file (there are tools to do this, but vi or emacs
are what I prefer)
Change the line (your gid will probably be different)
ftp_users:x:503:
to
ftp_users:x:503:apache,user1,user2,user3,user4
Create a shared directory
# mkdir /var/ftp/pub/shared
Make the directory group owned and writable by ftp_users
# chgrp ftp_users /var/ftp/pub/shared
Set the permissions to allow anyone in that group to write to that
directory. Also make the directory setgid. This is important as the
sticky bit as it is called will preserve permissions for all files and
subdirectories created in that directory.
# chmod g+w,g+s /var/ftp/pub/shared
The directory should look like this.
# ls -ld /var/ftp/pub/shared
drwxrwsr-x 2 root ftp_users 4096 Dec 16 12:12 /var/ftp/pub/shared
Now anyone who is in group ftp_users, including apache will be able to
write into that directory and people will be able to read and write the
files they create. The group members do have to trust each other, but no
one else outside the group. Also any files that are created will be
owned by the UID who created them, so you know who put them there in the
first place. There are of course other permission schemes that can
require more or less trust between group members, but this is usually
what I do for a shared directory among various users, or daemon UID.
Terrence
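
Added example, not part of the original thread: a check for a shared directory set up as in the reply above. The setgid bit passes the directory's group on to new entries, while group write on each new file depends on the creating process's umask, so the function reports entries that have drifted from the intended state. The function name and the finding tags are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit a setgid shared directory.
# audit_shared_dir and the finding tags are hypothetical names.
# Prints one finding per line; prints nothing when the tree is consistent.
audit_shared_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        printf 'NOT_A_DIRECTORY %s\n' "$dir"
        return 1
    fi

    # Group owning the top-level directory (4th field of "ls -ld").
    grp=$(ls -ld "$dir" | awk '{print $4}')

    # Directories without setgid no longer pass the group to new entries.
    find "$dir" -type d ! -perm -2000 -exec printf 'DIR_NOT_SETGID %s\n' {} \;

    # Entries whose group differs, e.g. files moved in rather than created.
    find "$dir" ! -type l ! -group "$grp" -exec printf 'WRONG_GROUP %s\n' {} \;

    # Entries other members cannot modify: the creator's umask masked
    # group write (umask 022 gives 644 files, umask 002 gives 664).
    find "$dir" ! -type l ! -perm -0020 -exec printf 'NOT_GROUP_WRITABLE %s\n' {} \;

    # World-writable entries extend trust beyond the group.
    find "$dir" ! -type l -perm -0002 -exec printf 'WORLD_WRITABLE %s\n' {} \;
}
```

Call it as `audit_shared_dir /var/ftp/pub/shared`. A run of NOT_GROUP_WRITABLE findings for one owner usually means that account or daemon writes with umask 022 instead of 002.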