Thanks for the suggestion. Unfortunately, a temporary disabling of FTP wouldn't be an acceptable solution for us.
FWIW, we first encountered this problem Oct 29, and then again Nov 29. This has a positive correlation with the interval value. However, it occurred again Nov 30. The only possible explanation I've come up with is that the Nov 29 upcp reported a problem:
[2017-11-29 00:39:36 -0600] E Pre Maintenance ended, however it did not exit cleanly (256). Please check the logs for an indication of what happened
But this was well after ftpquotacheck completed:
[2017-11-29 00:36:40 -0600] - Processing command `/usr/local/cpanel/scripts/ftpquotacheck`
[2017-11-29 00:36:40 -0600] [/usr/local/cpanel/scripts/ftpquotacheck] Ftp Quota Check v2.0
[2017-11-29 00:36:40 -0600] [/usr/local/cpanel/scripts/ftpquotacheck] [ftpquotacheck] Setting I/O priority to reduce system load: best-effort: prio 6
[2017-11-29 00:36:40 -0600] [/usr/local/cpanel/scripts/ftpquotacheck] Processing cPanel Account "hdfgroup":
[2017-11-29 00:36:41 -0600] [/usr/local/cpanel/scripts/ftpquotacheck] hdfgroup : ftp (/home/hdfgroup/public_ftp)...rebuilt
[2017-11-29 00:36:41 -0600] [/usr/local/cpanel/scripts/ftpquotacheck] Done
[2017-11-29 00:36:41 -0600] - Finished command `/usr/local/cpanel/scripts/ftpquotacheck` in 1.047 seconds
I noticed that ftpquotacheck contained:
chmod 0770, $ftphome; # ensure GID can write to it
So I ran it again to see if it would change again, and it did. So despite the 30 day interval, the permissions were changed for 3 consecutive runs within 48 hours. Further research shows me the interval setting, which I changed to 365000, and the next run of ftpquotacheck did not change permissions. A manual run of upcp also did not change permissions, but I'm sure you can understand that I don't trust it.
The simplest way to reproduce the problem is to change the permissions from 770, change the interval to 1, and manually run ftpquotacheck. As expected (apparently working as intended), the permissions get changed to 770.
As much as I like octal, I have to wonder if that's really the best way to do this. It seems like it would better perform the task in the comment to use symbolic mode g+w, so that other permissions aren't needlessly overwritten. Something like that would prevent my problem where I need o+rx.
Thanks.
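
The difference between the absolute mode in the quoted ftpquotacheck line and the symbolic g+w suggested above, as an added shell example that is not part of the original post or cPanel's code. The helper names and the temporary directories are constructed for illustration, and GNU coreutils `stat` is assumed.

```shell
#!/bin/sh
# Added example: absolute octal chmod vs. symbolic g+w on constructed temp dirs.
# Assumes GNU coreutils stat (stat -c '%a').

# Print the permission bits of a path in octal, e.g. 775.
mode_of() {
    stat -c '%a' "$1"
}

# Absolute mode, as in the quoted line: every permission bit is replaced.
set_absolute_0770() {
    chmod 0770 "$1" || return 1
    mode_of "$1"
}

# Symbolic mode (hypothetical helper): add group write only if it is
# missing, leaving owner and other bits exactly as the admin set them.
ensure_group_writable() {
    cur=$(mode_of "$1") || return 1
    # 0020 is the group-write bit; the leading 0 makes $cur an octal constant.
    if [ $(( 0$cur & 0020 )) -eq 0 ]; then
        chmod g+w "$1" || return 1
    fi
    mode_of "$1"
}

# Apply both approaches to directories that start at mode $1 and
# print "<absolute result> <symbolic result>".
compare_modes() {
    start=$1
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/abs" "$tmp/sym"
    chmod "$start" "$tmp/abs" "$tmp/sym"
    a=$(set_absolute_0770 "$tmp/abs")
    s=$(ensure_group_writable "$tmp/sym")
    rm -rf "$tmp"
    echo "$a $s"
}

compare_modes 755   # o+rx is lost with 0770, kept with g+w
compare_modes 750   # both end at 770 when "other" had no access to begin with
```
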