I have a directory that multiple users have access to. They change, upload, and delete files in the directory. They all belong to the same user group. The files in the directory have access rights of 660.
The problem is that the users cannot set the modification time of files if they're not the owner of that file.
For example user AAA uploads a file 'EXAMPLE.jpg', user BBB downloads it, modifies it and uploads it again. The file's 'last modified' timestamp will be of the time BBB uploaded it, not when it was really last modified. I tried setting the file's permissions to 777, but it didn't help.
The problem shows in sftp-logs as:
Dec 5 16:37:08 servername sftp-server[695]: open "/shared_directory/EXAMPLE.jpg" flags WRITE,CREATE,TRUNCATE mode 0666
Dec 5 16:37:08 servername sftp-server[695]: close "/shared_directory/EXAMPLE.jpg" bytes read 0 written 42765
Dec 5 16:37:08 servername sftp-server[695]: set "/shared_directory/EXAMPLE.jpg" modtime 20111205-15:53:31
Dec 5 16:37:08 servername sftp-server[695]: sent status Permission denied
Winscp will complain at the situation as Upload of file 'example.jpg' was successful, but error occurred while setting the permissions and/or timestamp. If the problem persists, turn on 'ignore permission errors'
. The warning can easily be ignored, but what if I want to allow my users to "preserve" the timestamps by editing them after file upload?
There is already a similar question than this, but has gone unanswered :(.
For some mysterious reason, Unix/Linux systems guard the mtime very strongly. Only the owner[*] can do what you require, i.e. push the mtime back.
You can't control it with the ACLs (
man setfacl
).One workaround I can think of is to use Samba, that has
dos filemode
option. It does exactly what you require (although the name is not very obvious). Of course I'm far from recommending samba over sftp; samba is an administrative nightmare.In fact, if I were you, I would go for a very, very ugly hack. Write a script that scans sftp-log file for the
set ... modtime
line, and for each such line immediately attempt to runtouch --mtime
. Obviously, the script needs to run as root, so make sure it is secure from code injection (such as filenames and dates containing ' or " or ; or $ characters).[*] Actually, also user possessing CAP_FOWNER (such as root), but this is system-wide capability, so not applicable to your case.
The users can delete then upload the changed files. In this way they will change the ownership and they will be able to update the timestamp of the file.
The folder permission should be something like
drwxrwsr-x
and the file permission should be like-rw-rw-r--
. the user should be in the same group as the folder and files.See also: How do I set permissions structure for multiple users editing multiple sites in /var/www on Ubuntu 9.10?