I’m setting up a shared hosting. My users have SFTP access to the server to upload their contents. I’m using separate PHP processes running as respective users (one per site). I want the users to not see other users’ contents by default (except via the web server as any other unprivileged client), but the web server (running as www-data user/group) should be able to read everything. Right now I’m giving the ownership of files in www to particular users and group ownership to www-data and using the set GID bit to propagate the group ownership to new files/directories (users are not in www-data group).
It worked fine, but now I’m facing a problem. Some of the sites are using wordpress and when they upload files the set GID bit is lost meaning that the web server has no access to it. Is there some way to configure either PHP or wordpress (more likely) to chmod files and directories into the right permissions?
Note: I’m not using safe mode in PHP, so it should be able to add the set GID bit.
Update: I’ve tried tweaking the FS_CHMOD_DIR and FS_CHMOD_FILE values in wordpress config. I assumed that this would allow me to chmod the uploaded files to whatever I wanted. However, it did not affect the permissions of newly uploaded files. From the info in codex I guess these settings apply to core update function only.
Thanks!
This is not the answer to the exact question, but rather a solution to the problem in general. Assign the ownership of user’s web directory to user/www-data and set the permissions to 750, no SGID bit. Users must not belong to the www-data group. However, inside that directory the group ownership can be set to the users’ main group (e.g. users). The permissions inside can be 644 and 755 for files and subdirectories respectively. The security is provided by the fact that other users will not be able to enter or traverse this web directory and therefore will not be able to access any files inside even though they have enough permissions to access the files themselves. This will restrict both users connecting via SFTP and executing PHP commands.
Since this solution does not use the set GID bit it solves the original issue. Uploaded files can be left with their default ownership and permissions.
A little demonstration: