5

I saw several threads about having issues with unexpected file permissions after file upload. I tried their solutions with no luck, so I have to raise the problem in my own way.

I run Nginx as nobody:nogroup on Debian 6. I changed the root web folder /usr/share/nginx/html to nobody:nogroup. Now I use WinSCP to upload files to the machine, but I use the root account. If I create a new directory or update a new file, the ownership would be root:root. I am new to the Linux world; I currently open a shell to change the ownership of wwwroot after I have uploaded something to my server.

What is the best practice to upload files as root, but keep files and directories nobody:nogroup? Shall I set a password for the account nobody and use this account to upload files?

1
  • It's somewhat dangerous to log in as root, even over a secure connection. Many of the attacks on SSH/SCP have been ways to trick the file transfer client or server into using no encryption. It would be better to create a special account just for uploading, with as restrictive permissions as possible.
    – Snowbody
    Commented Jan 2, 2014 at 20:07

2 Answers

4

You can change the group of the upload directory with chgrp nogroup UPLOAD_DIR and set group ID on it with chmod g+s UPLOAD_DIR - files created in this directory will have group nogroup. You can set default rights using umask 002 (perhaps when starting the WinSCP session?) and all files will have rw rights for group. The owner will still be root, but the Nginx process should be able to manage files through nogroup membership.
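A check for the setup described in the answer above, as an added example that is not part of the original answers: it confirms the directory's group and setgid bit and lists entries with the wrong group or without group rw rights. The function names and the script name audit.sh are assumptions; it relies on find(1) options available in GNU find on Debian.

```shell
#!/bin/sh
# Added example: audit an upload directory for the setgid + umask 002 scheme.
# GROUP may be a group name or a numeric GID.

report() {  # $1 = problem description, $2 = offending paths ("" if none)
    [ -z "$2" ] && return 0
    printf 'FAIL: %s\n%s\n' "$1" "$2"
    return 1
}

audit_upload_dir() {  # usage: audit_upload_dir DIR GROUP
    dir=$1 grp=$2 rc=0
    # Bail out early if DIR is missing or GROUP is unknown to find(1).
    find "$dir" -maxdepth 0 -group "$grp" >/dev/null 2>&1 || {
        echo "ERROR: cannot check $dir against group $grp"; return 2; }
    # The directory must belong to GROUP (chgrp GROUP DIR).
    report "directory is not group $grp" \
        "$(find "$dir" -maxdepth 0 ! -group "$grp")" || rc=1
    # Directories without setgid do not pass their group on (chmod g+s DIR).
    report "setgid bit missing" \
        "$(find "$dir" -type d ! -perm -2000)" || rc=1
    # Entries created before setgid was set keep the uploader's group.
    report "wrong group" \
        "$(find "$dir" -mindepth 1 ! -group "$grp")" || rc=1
    # Files uploaded under umask 022 instead of 002 lack group write.
    report "group rw missing" \
        "$(find "$dir" -type f ! -perm -060)" || rc=1
    return "$rc"
}

# Run as a script (audit.sh is a hypothetical file name):
#   sh audit.sh /usr/share/nginx/html nogroup
if [ "$#" -eq 2 ]; then audit_upload_dir "$1" "$2"; fi
```

An exit status of 0 means every entry matches the scheme, 1 means at least one listed path needs chgrp or chmod, and 2 means the directory or group could not be checked.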

4

I do not know of any automatic solution for new files. Though, if you find that you need to keep changing the ownership manually, you can make use of various WinSCP features to make your life easier.

WinSCP allows changing ownership in the GUI (though if you use an OpenSSH server, you have to use numeric GID/UID).

Alternatively, you can execute the chown command from WinSCP itself to avoid opening a separate shell terminal. You can even set up a custom command chown nobody:nogroup . in WinSCP to speed this up.

You can even assign a keyboard shortcut to the command to make this even easier.

For updating files, make sure you disable the transfer setting Transfer to temporary filename, as this effectively creates a new file for every transfer (by default for files over 100 KiB only). When disabled, WinSCP only updates an existing file, so the ownership is preserved.
https://winscp.net/eng/docs/resume#automatic
https://winscp.net/eng/docs/ui_pref_resume
