I’m setting up an FTP server. I am chrooting all users to /home/ftproot. I want one account to have RW access to the entire directory structure (FTPMaster). I want the users to only have RO access to the public folder and RW access to their own folders. I don’t want them to be able to get into the other users’ folders.

All users are members of the group ftpaccess

Structure:

ftproot
|- Public FTPMaster (RW) Everyone Else (RO)
|- User1 FTPMaster (RW) User1 (RW) Everyone Else (No Access)
|- User2 FTPMaster (RW) User2 (RW) Everyone Else (No Access)

etc…

Current perms:

drwxr--r-- 2 root ftpaccess 4096 Sep 13 16:32 public/
drwxrw---- 2 test root 4096 Sep 13 17:09 test/
drwxrw---- 2 user1 root 4096 Sep 13 16:17 user1/

I have been able to set it so that the users can’t get into each others folders, but the public folder is being difficult as well as giving ftpmaster access to the user folders.

I know how to do this quickly in Windows, but Linux is confusing me. :)

Assuming you have a user named ftpmaster, set them as the owner of ftproot.

chown ftpmaster.ftpaccess /ftproot/

That makes ftpmaster the owner and sets the group to anyone in the ftpaccess group.

Set the permissions to the following;

chmod 640 /ftproot/

This sets the owner to RW (no execute) and the group ftpaccess to RO and no execute.

Now ftpmaster should have full access to the main folder and everyone else RO access.

Then on the sub folders;

chown user1.user1 /ftproot/user1/

Do the above for each user.

For the public folder;

chown ftpmaster.ftpaccess /ftproot/Public/

Then set the permissions like so;

chmod 600 /ftproot/user1/

This sets the permission to RW for only the owner for each user folder.

chmod 640 /ftproot/Public/

Since ftpmaster owns /Public/ this gives them RW and everyone in the ftpaccess group RO access.

A summary of commands;

chown ftpmaster.ftpaccess /ftproot/
chmod 640 /ftproot/
chown user1.user1 /ftproot/user1/
chown user2.user2 /ftproot/user2/
chown ftpmaster.ftpaccess /ftproot/Public/
chmod 600 /ftproot/user1/
chmod 600 /ftproot/user2/
chmod 640 /ftproot/Public/

I’m sure if I missed anything SAM will correct me. :)
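
Added example (not part of any post in this thread): a small shell helper that decodes what a mode grants when it is applied to a directory, run over the modes quoted above. The function names and the comparison modes 750 and 700 are assumptions introduced for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Directory permission bits mean:
#   r = list entry names, x = enter/traverse, w = create/delete/rename
#   entries (w only takes effect when x is also set).

# mode_from_ls "drwxrw----" -> 760 (plain rwx- strings only; setuid,
# setgid and sticky letters are not handled).
mode_from_ls() {
    s=${1#?}                        # drop the file-type character
    result=""
    for i in 1 2 3; do
        rest=${s#???}               # everything after this triad
        triad=${s%"$rest"}          # the three characters for this class
        n=0
        case $triad in r??) n=$((n + 4)) ;; esac
        case $triad in ?w?) n=$((n + 2)) ;; esac
        case $triad in ??x) n=$((n + 1)) ;; esac
        result="$result$n"
        s=$rest
    done
    echo "$result"
}

# dir_access MODE CLASS -> effective rights on a directory, or "none".
# MODE is three octal digits; CLASS is owner, group or other.
dir_access() {
    case $1 in [0-7][0-7][0-7]) ;; *) echo "invalid-mode"; return 1 ;; esac
    case $2 in
        owner) digit=${1%??} ;;
        group) digit=${1#?}; digit=${digit%?} ;;
        other) digit=${1#??} ;;
        *) echo "invalid-class"; return 1 ;;
    esac
    out=""
    if [ $(( $digit & 4 )) -ne 0 ]; then out="$out list-names"; fi
    if [ $(( $digit & 1 )) -ne 0 ]; then out="$out traverse"; fi
    if [ $(( $digit & 3 )) -eq 3 ]; then out="$out modify-entries"; fi
    if [ -z "$out" ]; then out=" none"; fi
    echo "${out# }"
}

# Modes quoted in the thread, plus 750 and 700 for comparison (assumed values).
for m in 640 600 "$(mode_from_ls drwxrw----)" 750 700; do
    for c in owner group other; do
        printf '%s %-5s %s\n' "$m" "$c" "$(dir_access "$m" "$c")"
    done
done
```

Each output line reads mode, class, effective rights; a class without "traverse" cannot enter the directory or reach anything inside it.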

One problem…

In order for chroot to work, root needs to own ftproot. I think that throws off what you said above, but I’m not sure how to adjust it.

I tried logging in as user1 and user2 and it fails. If I change the ownership of ftproot to root, they are able to log in, but then they are jailed into their own folder (/home/ftproot/user1) instead of the ftproot folder (/home/ftproot).

Is what I described possible with root as the owner of ftproot?

Anyone else have any suggestions on setting this up the way that I mentioned in the OP?

Bump?