Swizzling.org

Recently somebody asked me how to have a few users able to access the same directory over FTP. But only allow some of them to have read-write access, and let the rest be read-only.

I use vsftp which needs to be modified a little bit for this to work.

edit /etc/vsftp/vsftpd.conf   (on CentOS, your distro may store the .conf somewhere else)

You’ll need to change “local_umask” from 022 to 0007. Save and restart the service

/etc/init.d/vsftpd restart

# Add 2 new groups, one for read only users and the other will be for the read-write guys

groupadd ftp-readonly
groupadd ftp-readwrite

# Create a document store where all FTP users will access once they are logged in. always a good idea to put it in /home

mkdir /home/ftp-docs
chmod 775 /home/ftp-docs/
chown root:ftp-readwrite /home/ftp-docs

# Add the new users

useradd -g ftp-readwrite -d /home/ftp-docs user1
useradd -g ftp-readwrite -d /home/ftp-docs user2
useradd -g ftp-readonly -d /home/ftp-docs user3

# Set the users password

passwd user1
passwd user2

And your done.

The reason you need to change the umask is when a new directory is created by a read-write user the permissions by default don’t give full write-write access, I believe it’s read-only (for other users in the group).

So user1 can create a directory but only user1 can remove it.