FTP file security
I have an FTP server, chrooted to a directory, /ftproot. I have a couple hundred users whom use this for nothing but uploading files for someone else to download. So, everyone uses the same login.
This is currently running on a Windows box, and works great. Files can get created and uploaded, but not overwritten or deleted. So everyone can upload files, no one can ever overwrite them or delete them.
I am transferring this task over to a linux box, but having problems with setting up that type of security. I need to allow people to upload files and create folders, but not overwrite or delete anything even if they are the owner. I am running VSFTP, and have the file_open_mode set to 440 to set all new files, but they can still delete the new files in which they have R only permissions(I assume this is because they have RW on the root folder).
I've goofed around with setting up ACL's with setfacl, but I can't seem to find what the right combination of permissions/defaults is. I either lock myself out all together from doing anything, or I have full access to create/delete.
Anyone know what the correct permissions would be for the ACL list, or else maybe a different way of going about this?