The Community Forums


owner and group permissions for FTP - opinions sought

Discussion in 'General Discussion' started by stardotstar, Oct 15, 2009.

  1. stardotstar

    stardotstar Well-Known Member

    Sep 14, 2009
    Hi all

    Further to another thread I have, I need a quick answer to this:

    Is there any difference to the way pureFTPd and proFTPd and WHM/cPanel virtual ftp users are handled?

    Most specifically (I know they are different systems and I have experience achieving what I want manually with proFTPd but am currently exploring pureFTPd on my WHM/cPanel host):

    With pureFTPd I notice that the user and group of any ftp account belong to the cPanel account itself, and therefore the ftp logins that may be assigned home directories all inherit the permissions of the main account. The only easy way to restrict access to parts of a tree then is by setting the root directory that a user gets jailed to, but not the permissions within it.


    User A has access to the following directory by virtue of the ftp account creation process:


    I note that the permissions and ownership of A are cpanelaccount:cpanelaccount

    Within the directory A I need two different places to be accessed by separate ftp accounts - call them B and C

    therefore we have


    This is to ensure that user A can traverse the tree of A, B and C but B and C are restricted to their subordinate directories and can't see or affect each other's files.

    So far so good.

    What I do with proFTPd at the moment is give different group and owner permissions to the various sub folders in the tree to create a more granular permission structure, i.e.:

    /home/cpanelaccount/public_html/A/B/drop ---> Owner is A, group is A, B is in group A. Permissions are set to allow only putting files into drop by the group (allowing B to upload but not see other files), but owner A can do all and see all for admin: drwx-wx--x

    /home/cpanelaccount/public_html/A/B/get ---> Owner is A, group is A, B is in group A. Permissions are set to allow only download of files from get by the group, but owner A can do all and see all for admin: drwxr-x--x

    The only way I can see to do this in cPanel/WHM architecture and account management is to manually set CHMOD and CHOWN but in order to do that one needs to be able to control the group membership and have unique virtual UIDs for the ftp users. If this is possible with proFTPd and cPanel I would change to proFTPd otherwise it seems futile to change from what otherwise is a very good pureFTPd install...


    UPDATE - It occurs to me that since user and group is created with each main cP account I could intertwine two accounts by specifying the ftp home directory of the subordinate accounts within the main home of another cP account. Then make the permissions as desired and manually add the subordinate users to the group file for the principal user. That would give me a hack that gets gid/uid permissions for ftp without much more than some manual edits to chmod and /etc/group

    I know what I am saying here is going to be "unsupportable" but can anyone see a reason why it wouldn't work?

    No - won't work because even subdomain/reseller subordinate accounts are root jailed to another home...
    #1 stardotstar, Oct 15, 2009
    Last edited: Oct 15, 2009
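
The two directory modes quoted in the post, decoded into what each permission class can do inside the directory, as an added example that is not part of the original post. It assumes B logs in with its own system UID and is a member of group A, as in the poster's proFTPd setup; `parse_mode` and `dir_capabilities` are names made up for this example.

```python
# Added example, not from the original post: decode ls-style directory modes
# into what owner, group and other can do inside the directory.

SPECIAL = {2: 0o4000, 5: 0o2000, 8: 0o1000}  # setuid, setgid, sticky slots

def parse_mode(sym):
    """Turn a string such as 'drwx-wx--x' into numeric mode bits."""
    if len(sym) != 10 or sym[0] != "d":
        raise ValueError("expected a 10-character directory mode string")
    mode = 0
    for i, ch in enumerate(sym[1:]):
        if ch == "-":
            continue
        if ch == "rwx"[i % 3]:
            mode |= 1 << (8 - i)
        elif i in SPECIAL and ch in ("tT" if i == 8 else "sS"):
            mode |= SPECIAL[i]
            if ch.islower():              # lowercase means execute is set too
                mode |= 1 << (8 - i)
        else:
            raise ValueError(f"unexpected {ch!r} at position {i + 1}")
    return mode

def dir_capabilities(mode):
    """Map each permission class to the directory operations it allows."""
    sticky = bool(mode & 0o1000)
    caps = {}
    for name, shift in (("owner", 6), ("group", 3), ("other", 0)):
        r, w, x = (bool(mode >> shift & b) for b in (4, 2, 1))
        caps[name] = {
            "list_names": r,              # see which files exist
            "open_known_name": x,         # reach a file if its name is known
            "create": w and x,            # upload a new file
            # Without the sticky bit, w+x also allows deleting or renaming
            # files that belong to someone else.
            "remove_others": w and x and (name == "owner" or not sticky),
        }
    return caps

if __name__ == "__main__":
    # Modes quoted in the post for the drop and get directories.
    for label, sym in (("drop", "drwx-wx--x"), ("get", "drwxr-x--x")):
        mode = parse_mode(sym)
        print(label, sym, oct(mode), dir_capabilities(mode)["group"])
```

For drop, the group can create files without listing them, but with no sticky bit it can also delete or rename a file whose name it knows; for get, the group can list and read but not create.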
