Properly setting scp permissions for www and user access

I need to set up permissions properly on a web folder for two users and Apache's www user.
The hierarchy looks like so:
  • /var/www/ contains several folders for several websites managed by user1.
  • /var/www/special/ contains a special website folder managed by user2.
Therefore, I need user1 to be chrooted to /var/www/ and have rw access to its entire contents, and user2 to be chrooted to /var/www/special/ and have rw access to its contents. No problems with chrooting them in sshd_config, but permissions are a bit tricky. Advice on how to do that the right way, possibly including the use of ACLs, is appreciated.

Thought it would be simple, but my user2 cannot create new folders in their chroot dir, and newly created files have r-- group permissions instead of rw-.

Well, for now I solved it this way:

1. Added both scp users to www group in /etc/group:
www:*:80:user1,user2

2. chmod -R u=rwX,go=rX /var/www
chmod -R o-X /var/www/special
setfacl -m g:www:rwxp:fd:allow /var/www
setfacl -m g:www:rwxp:fd:allow /var/www/special

The first two lines enable successful sftp logins; the other two enable inheritable rw permissions for group www.
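As an added example (not part of the original post), a POSIX sh check for why the first two chmod lines are what make the sftp logins work: sshd refuses a ChrootDirectory unless it and every parent directory are owned by root and not writable by group or others. The function names and the walk-up logic are my own; the script assumes an absolute path and an `ls` that supports `-n` (GNU and BSD both do).

```shell
#!/bin/sh
# Added example: verify sshd's ChrootDirectory rule for a path and all of
# its parents. Not code from the original post; the functions are hypothetical.

# Mode string (e.g. drwxr-xr-x) of one path, without following symlinks.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# 0 if neither the group nor the "other" write bit is set, 1 otherwise.
# Position 6 of the mode string is group write, position 9 is other write.
component_mode_ok() {
    m=$(mode_string "$1")
    case "$m" in
        ?????w*|????????w?) return 1 ;;
    esac
    return 0
}

# 0 if the path is owned by uid 0 (root), 1 otherwise.
component_owner_ok() {
    uid=$(ls -ldn "$1" | awk '{print $3}')
    [ "$uid" = "0" ]
}

# Walk from an absolute PATH up to / and report every component that would
# make sshd log "bad ownership or modes for chroot directory".
# Returns 0 when the whole chain is acceptable, 1 otherwise.
check_chroot_path() {
    p=$1
    rc=0
    while :; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; return 1
        fi
        if ! component_owner_ok "$p"; then echo "not root-owned: $p"; rc=1; fi
        if ! component_mode_ok "$p"; then echo "group/other writable: $p"; rc=1; fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check_chroot.sh /var/www/special
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it against each ChrootDirectory after changing modes or ACLs; an empty report with exit status 0 means sshd will accept the chroot, while any "group/other writable" line points at exactly the directory the `go=rX` step has to cover.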