I have a new VPS setup with Debian + LEMP stack. Wondering how to automatically chown/chgrp new files uploaded via FTP to /srv/www/siteroot to www-data:www-data?
I am under the assumption this can be with a proper umask?
The umask setting influences the permission bits on the newly created files and directories. It doesn't influence the ownership.
You could add the user who uploads the files to the www-data group. A umask of 022 in the FTP server would then make sure that these files are readable by the webserver but not writeable.
If you also use PHP, you could set up suphp so that the uploaded php scripts will get executed as the user to whom they belong. Like this, your scripts would also be able to write to your files (the wouldn't if they were executed as www-data).
umask sets the permissions on a file, not the ownership.
You can use chgrp www-data <dir>; chmod +s <dir> to ensure that all files created in that directory are owned by the group www-data. I don't believe there's a way to change the owner as well but with proper group permissions that shouldn't be necessary.
The
umasksetting influences the permission bits on the newly created files and directories. It doesn't influence the ownership.You could add the user who uploads the files to the
www-datagroup. A umask of 022 in the FTP server would then make sure that these files are readable by the webserver but not writeable.If you also use PHP, you could set up
suphpso that the uploaded php scripts will get executed as the user to whom they belong. Like this, your scripts would also be able to write to your files (the wouldn't if they were executed as www-data).umask sets the permissions on a file, not the ownership.
You can use
chgrp www-data <dir>; chmod +s <dir>to ensure that all files created in that directory are owned by the group www-data. I don't believe there's a way to change the owner as well but with proper group permissions that shouldn't be necessary.If you are uploading via FTP, there should be option in FTP service config files to always set specific user and/or group on uploaded files.