Linux – folder permissions and sftp


I'm trying to set folder permissions on a linux machine. I have this primary folder: /home/master/staging

This folder houses subfolders containing user sftp drop points. I need to set folder permissions for this.

I have the following users:


Master's home directory is /home/MASTER

I have done the following to the folder /home/master/staging/:

drwxrwx---. 19 MASTER MASTER  4096 Apr 14 02:21 .
drwxrwx---.  6 MASTER MASTER   199 Mar  5 12:20 ..
drwxrwx---.  2 MASTER MASTER    10 Apr 15 00:51 MASTER
drwxrwxr-x.  2 sftpuser1 MASTER    10 Apr 15 00:28 sftpuser1
drwxrwxr-x.  2 sftpuser2 MASTER    10 Feb 15 08:02 sftpuser2

Assuming MASTER is the group owner of group MASTER, I read the following on this:

MASTER "should" be able to read/write all folders
sftpuser1 should be able to read/write in folder /staging/sftpuser1
sftpuser2 should be able to read/write in folder /staging/sftpuser2

sftpuser1 and 2 have been set up this way:

usermod sftpuser1 -s /bin/false
usermod sftpuser1 -d /home/master/staging/sftpuser1
usermod sftpuser2 -s /bin/false
usermod sftpuser2 -d /home/master/staging/sftpuser2

With all that being said, neither sftpuser can see their own folder using sftp, and user MASTER cannot go into the two sftpuser folders locally. All permission denied.

what am I missing here? The goal is sftpuser1 only sees sftpuser1; sftpuser2 only sees sftpuser2; and MASTER should be able to see all of them. Thanks!


MASTER is now able to see the sftpuser's folders. Group privs fixed that.

Best Answer

There is no such thing as "group owner of group" (nor "folders" in *nix; let's call it what it's supposed to be: a directory). There is an owner, which is a user, and there are group and others in traditional *nix permissions.

As you've already fixed access for the MASTER user, you need to allow sftpuserX to have access. But your parent directory /home/master allows only the MASTER user and MASTER group to access it. That is why your sftpuserX can't get access to the /home/master/sftpuserX directory.

Unless you are running sftp in a chroot environment, such a setup is not a good idea, because if you allow sftpuserX to read the /home/master directory they will actually get access to every file in the MASTER user's homedir.

I'd rather suggest you create separate directories for these users like /home/master/sftpuserX, change their group to MASTER and allow g+rwx (full group access) on those directories (retaining sftpuserX as owner with full access). You can add symlinks from /home/master/ to the /home/sftpuserX directories if you really need to access them from there.

As an alternative take a look at extended permissions with ACLs (check for getfacl & setfacl commands). They allow more flexibility with permissions, but can become more complicated to manage.
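The following is an added worked example, not part of the thread or the answer above. It builds the layout the answer recommends (a per-user directory with group MASTER and full group access, plus the chrooted sftp the answer says such a setup needs) under a scratch root so it can be run unprivileged; the paths, the `upload` subdirectory name, and the sshd_config fragment are assumptions for illustration, and a real deployment would run as root against /home with the real users and groups. One caveat the example checks: OpenSSH refuses a ChrootDirectory that is writable by group or others (it must also be root-owned all the way up), so the writable drop point has to be a subdirectory inside the chroot, not the chroot itself. GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: per-user sftp drop points with group access for MASTER and a
# chroot per user. Runs unprivileged under a scratch root; in production run as
# root, use real user/group names, and restart sshd after writing the config.
set -eu

# Print a path's permission bits in octal (GNU stat; e.g. "2770").
mode_of() {
    stat -c '%a' "$1"
}

# sshd requires ChrootDirectory (and every parent) to be root-owned and not
# writable by group or others. This checks the writability part; ownership
# cannot be demonstrated in a scratch root without root privileges.
check_chroot_dir() {
    m=$((0$(mode_of "$1")))          # leading 0 => interpret as octal
    [ $((m & 022)) -eq 0 ]           # 022 = group-write | other-write
}

# Create ROOT/home/<user>/ (the chroot, 0755, root-owned in production) and
# ROOT/home/<user>/upload (the drop point: owner <user>, group MASTER, 2770 so
# MASTER gets full group access and new files inherit the MASTER group).
# The chgrp/chown lines are what a real deployment would run; they are kept as
# comments because a non-root scratch run cannot change ownership.
setup_sftp_layout() {
    root="$1"
    for u in sftpuser1 sftpuser2; do
        mkdir -p "$root/home/$u/upload"
        chmod 0755 "$root/home/$u"          # chroot: not group/world writable
        chmod 2770 "$root/home/$u/upload"   # rwxrws--- : user + group MASTER
        # chown root:root   "$root/home/$u"
        # chown "$u":MASTER "$root/home/$u/upload"
    done

    # sshd_config fragment (assumed drop-in path): users in group sftponly are
    # confined to /home/<user> and only see their own upload directory.
    mkdir -p "$root/etc/ssh/sshd_config.d"
    cat > "$root/etc/ssh/sshd_config.d/sftp.conf" <<'EOF'
Subsystem sftp internal-sftp

Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PasswordAuthentication yes
EOF
}
```

After running `setup_sftp_layout /` as root (with the commented chown lines enabled and both users added to the assumed `sftponly` group), each user lands in their own chroot and sees only `upload`, while MASTER reaches `/home/sftpuserX/upload` through group membership. The setgid bit on `upload` is what keeps newly created files in group MASTER rather than the user's primary group, which is the usual reason "group privs" fixes one user and silently breaks later uploads.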