Recently somebody asked me how to have a few users able to access the same directory over FTP. But only allow some of them to have read-write access, and let the rest be read-only.
I use vsftp which needs to be modified a little bit for this to work.
edit /etc/vsftp/vsftpd.conf (on CentOS, your distro may store the .conf somewhere else)
You’ll need to change “local_umask” from 022 to 0007. Save and restart the service
# Add 2 new groups, one for read only users and the other will be for the read-write guys
# Create a document store where all FTP users will access once they are logged in. always a good idea to put it in /home
chmod 775 /home/ftp-docs/
chown root:ftp-readwrite /home/ftp-docs
# Add the new users
useradd -g ftp-readwrite -d /home/ftp-docs user1
useradd -g ftp-readwrite -d /home/ftp-docs user2
useradd -g ftp-readonly -d /home/ftp-docs user3
# Set the users password
And your done.
The reason you need to change the umask is when a new directory is created by a read-write user the permissions by default don’t give full write-write access, I believe it’s read-only (for other users in the group).
So user1 can create a directory but only user1 can remove it.