pacija said:
Is it safe to have virtual users FTP-authenticated with a UID of "www" and GID of "www", and not as UID of "ftpuser" and GID of "ftpgroup"?
I think this is somewhat of a matter of opinion but mine would be no. Simply because there's no real need to do so in order to make this thing work.
And in the (unlikely) event that something does go wrong it would be a lot easier to revoke access rights from a separate group (ftpgroup) than it would be to change your whole security scheme (because www would have had access anyway).
I'd prefer keeping authorization separated and applying a security model to make it work. Even so, as I mentioned earlier, this is most likely a matter of opinion as I can't give hard arguments as to why this would be bad by definition.
I'd still recommend against it though.
pacija said:
* I will be implementing MySQL authentication of virtual FTP users. Should I give each virtual FTP user their own high UID and GID? And if so:
* What should be the ownership and permission for web roots so that they are secure and functional?
I'm starting to wonder what it is you're hoping to gain by all this? If it is an increase in security then you're starting out wrong in my opinion, because the first step to securing your environment is (fully) understanding what is going on.
Using a /etc/passwd (and optionally /etc/shadow) environment which you fully understand (for example, by making sure to set the user account's shell to something like /sbin/nologin, thus preventing that they can easily log on) can be a lot safer than using a SQL powered authentication scheme which you don't yet fully grasp.
The reason I'm mentioning this is because there is basically not that much difference between them. In the end the FTP server is still relaying ("mapping") the whole lot to a specific system account which you have to determine. And if that account isn't set up in a safe way then it would make all of this immediately meaningless (provided that your aim here is to increase security).
I think this also answers your questions. It doesn't really matter what UID or GID you're going to use because you'll still map each individual account to a specific system account (as can be read in the README file whose link you shared yourself).
And you probably want to map the user account(s) to a system account which can access the specific web directories.
There isn't a fitting answer here; we can't tell you what is the best thing to do since it all depends on the security model which you want to use. Or put differently: the way you plan to keep all this safe.
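
One way to check the system accounts that virtual FTP users get mapped to, as an added example that is not part of the original post: it reads a passwd(5)-format file and reports mapped accounts that are missing, have a login shell, or share a UID with the web server account. The function name, the sample entries, the UIDs and the `ftpweb` account are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the system accounts that virtual FTP users map to.

# audit_ftp_accounts PASSWD_FILE WEB_USER ACCOUNT...
# Prints one finding per line; prints nothing when every account passes.
audit_ftp_accounts() {
    passwd_file=$1; web_user=$2; shift 2
    for acct in "$@"; do
        awk -F: -v acct="$acct" -v web="$web_user" '
            $1 == web  { web_uid = $3 }
            $1 == acct { found = 1; uid = $3; shell = $7 }
            END {
                if (!found) { print acct ": no such account"; exit }
                # Anything other than nologin/false allows an interactive
                # login (an empty field means the default shell).
                if (shell !~ /\/(nologin|false)$/)
                    print acct ": login shell " shell
                # Same UID as the web server means FTP access cannot be
                # revoked separately from the web server account.
                if (web_uid != "" && uid == web_uid)
                    print acct ": shares UID " uid " with " web
            }' "$passwd_file"
    done
}

# Constructed sample entries (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
ftpuser:*:2001:2001:FTP virtual users:/home/ftpusers:/sbin/nologin
ftpweb:*:80:80:FTP alias of www:/usr/local/www:/bin/sh
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp) && sample_passwd > "$tmp"
audit_ftp_accounts "$tmp" www ftpuser ftpweb ftpmissing
rm -f "$tmp"
```

On a real host, pass /etc/passwd, the web server's account name, and the account names the FTP server is configured to map to.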