December 3, 2009

FTP file security


I have an FTP server, chrooted to a directory, /ftproot. I have a couple hundred users whom use this for nothing but uploading files for someone else to download. So, everyone uses the same login.

This is currently running on a Windows box, and works great. Files can get created and uploaded, but not overwritten or deleted. So everyone can upload files, no one can ever overwrite them or delete them.

I am transferring this task over to a linux box, but having problems with setting up that type of security. I need to allow people to upload files and create folders, but not overwrite or delete anything even if they are the owner. I am running VSFTP, and have the file_open_mode set to 440 to set all new files, but they can still delete the new files in which they have R only permissions(I assume this is because they have RW on the root folder).

I've goofed around with setting up ACL's with setfacl, but I can't seem to find what the right combination of permissions/defaults is. I either lock myself out all together from doing anything, or I have full access to create/delete.

Anyone know what the correct permissions would be for the ACL list, or else maybe a different way of going about this?