Good morning;
I have a RHEL 5.7 web server configured to allow SSH/SFTP only by specific groups. I'd like for content managers to upload content to their respective directories and have that content inherit the user/group ownership of the directory regardless of upload method or application. For example:
- John is in group "web" for SSH/SFTP rights and "finance" for directory permissions, and uploads to directory "webstuff" via SFTP.
- Directory "webstuff" has permissions of "2760" (rwxrws---), and ownership of "apache:finance".
If John uploads an update to an existing file in "webstuff", the ownership of the file stays at "apache:finance".
If John uploads a new file to "webstuff", the ownership of the file is "john:finance".
My desire is to have any file from John uploaded to "webstuff" to change to the directory's owner. I've tried with setuid and setgid both set, but the user-ownership didn't take.
I've seen mentions on ServerFault of using ACL's, or a chrooted jail for SFTP but I have yet to configure and test them, and I don't know if they're a viable solution (they could be, I just don't know because I've never done either). Any thoughts and assistance would be greatly appreciated.
No comments:
Post a Comment