Ftp – How to auto chown/chgrp files after FTP upload

Take a look at the local_umask directive inside the vsftpd.conf

If you want to go with the SFTP only solution, I have created a blog post recently that describes exactly this including a few of the common errors: http://blog.frands.net/sftp-only-chroot-users-with-openssh-in-debian-166/

If you want to go with the FTP solution, vsftpd is indeed a fine choice. However, when a user uploads a file it will be set with his user and group following the defined umask. You could set the user's primary group to www-data and then create a umask that fits in vsftpd.

This is a quick-howto do what I suggested:

Create the user with the www-data group, no real shell and the correct home dir, set the password afterwards

useradd -d /path/to/his/domain.com -g www-data -s /bin/false theusername
passwd theusername

Make sure that vsftpd accepts his shell. cat /etc/shells and look for /bin/false (it should not be there by default) - if it not there, add it:

echo "/bin/false" >> /etc/shells

Next, edit the vsftpd config file. Touch these parameters: (if they are commented out, remove the #)

Disable anonymous access to the server

anonymous_enable=NO

Allow local users to use FTP

local_enable=YES

Allow file uploads

write_enable=YES

Set the umask, so the files the user uploads are also writable by group (www-data)

local_umask=002

Chroot the user so he cannot move out of his home dir

chroot_local_user=YES

Now, restart vsftpd

/etc/init.d/vsftpd restart

and you should be all set.

BUT!

• FTP is generally insecure.
• If SFTP is possible, use it.
• Having the webserver allowed to write to files is a security flaw, unless the directory is used for uploads or files that the website commonly changes.