Ubuntu SSH – How to Set Default Permissions for SFTP

In order to have all files under a given directory inherit group rights, you need to use the setgid bit on your directory. See this link.

 $ mkdir test
 $ sudo chown raphink.staff test
 $ ls -lhd test
     drwxr-xr-x 2 raphink staff 4.0K 2009-12-21 16:19 test
 $ sudo chmod g+s test # Set the setgid bit
 $ ls -lhd test
     drwxr-sr-x 2 raphink staff 4.0K 2009-12-21 16:21 test
 $ touch test/foo
 $ ls -lh test
     total 0
     -rw-r--r-- 1 raphink staff 0 2009-12-21 16:23 foo

You should use a group for each website. And make all users that need write access to be members of the respective group.

groupadd site1_com
mkdir /var/www/www.site1.com
chgrp site1_com /var/www/www.site1.com
find /var/www/www.site1.com -type d -print0|xargs -0 chmod g=rwxs
chmod -R g+rw /var/www/www.site1.com
usermod -aG site1_com user1

Now each time the users are creating files under /var/www/www.site1.com folder they should use the umask 0002 (in ~/.bashrc or in the deployment script) or they should set the permission for the group to have read write access chmod -R g+rw /var/www/www.site1.com 2>/dev/null.

Another solution to set the permissions would be to use dnotify. Create /usr/local/sbin/dnotify_handler-reset_perms.sh script with the following content:

#! /bin/sh
CHANGED_FOLDER=$1
find $CHANGED_FOLDER -maxdepth 1 -mmin 0 -not -perm -g+w -exec chmod g+w {} \;

And add to /etc/rc.local:

dnotify --recursive /var/www/www.site1.com --create --execute --background /usr/local/sbin/dnotify_handler-reset_perms.sh