user and group IDs for chmod


upasaka
6-1-05, 10:43 AM
Hi. Brand spanking new user (from Australia) - first let me say I'm well impressed with powweb; I can't believe how much I'm getting for my money. :D

And now for my question. Apologies because I know chmod comes up a lot, but I've hunted and just can't find the complete answer I'm after. Which is, precisely who is represented by the user and group components of file permissions in my package; i.e., the UID and GID?

Just let me say that I 100% understand chmod permissions and the role of users and groups in Unix. In looking through the forums I think I've also found that the user for all accounts within my 'package' - including all secondary/sub ftp users I create - is the primary user running my web service. So that UID is always the same, no matter which one of my accounts actually logs in.

But who is the group, the GID? Is this shared by other users completely unrelated to my 'package'? Do I have any control over that?

The reason I ask is this: I cannot see any meaningful use for the first 2 file permission ordinals in chmod. That is, as every user account is always the same user, and every user is always a member of the same group, surely it makes no difference whatsoever what I put in the group permission??

Am I wrong? And either way, is there any way I can restrict my sub ftp users so that they cannot modify each other's files? (E.g., they all share a root of ~/filez but each have their own sub directory of <user> under that - I only want <user1> to be able to modify files under ~/filez/user1 but am happy for everyone to have r-x perms.)

Thanks very much!

(jj)
6-1-05, 11:05 AM
If you are just wanting to restrict what files an ftp user can access / change, that can be done in OPs when you create the new ftp user.

After you've created the new ftp user, change the path associated with that user so that they can only access their directory and the directories below it. Set the path to something like /www/u/username/htdocs/filez/user1. This path would restrict user1 to his/her directory and any directories within the /user1/ directory.

Any time that user1 connects via ftp, his/her root directory would be user1 and he/she would not be able to navigate above that directory.

p.s. - remember that you are the one responsible for any files that other users may upload to your web space.

extras
6-1-05, 11:55 AM
But who is the group, the GID? Is this shared by other users completely unrelated to my 'package'?
"customer"=500 is the group.

Do I have any control over that?
No.


surely it makes no difference whatsoever what I put in the group permission??
"group" portion doesn't have much meaning in this setup.

Am I wrong? And either way, is there any way I can restrict my sub ftp users so that they cannot modify each other's files?
Not that way.
JJ gave you the answer.

upasaka
6-1-05, 12:45 PM
Thanks to you both.

I should have said that I already set things up so the ftp users have a restricted path. The thing is what I was hoping for is the equivalent of a "real" 755 - they could all add/modify their own content, but only read each others. (We're all friends sharing the space you see.)

Guess we'll just have to play nice ;)

upasaka
6-1-05, 12:48 PM
Oh, forgot to ask extras: the customer|500 group - who else is in that? Is it ONLY my user account, or am I grouped with other package users? If it's shared, isn't that a bit of a hole (couldn't they access my content)? I'm assuming the answer's no though...

extras
6-1-05, 12:56 PM
All customers are in the same group.
So you should use 700, 600 ... for files that have important info.

However, all files accessed by Apache must have permission for the group (640 in general).
This includes .htaccess and password file(s).
CGI and PHP files don't need the permission for the group (because of SuExec),
and 700 and 600 are fine for them. (I even use 500 and 400, which can be set via sitemanager or script.)
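
An audit of file modes against the advice in the last reply, as an added example that is not part of the original thread. It assumes Apache reads static files through the shared group and that only `.php` and `.cgi` files run under suEXEC; the function names and the sample tree are constructed for illustration, and only regular files are checked.

```python
import os
import stat
import tempfile

# Assumption: these extensions run under suEXEC as the account owner, so the
# web server never needs group access to them (the thread names CGI and PHP).
SUEXEC_EXTS = {".php", ".cgi"}

def check_mode(name, mode):
    """Return a list of findings for one regular file's permission bits."""
    findings = []
    if mode & 0o007:
        findings.append("other bits set; 640 or tighter is enough here")
    if mode & 0o020:
        findings.append("group-writable; every customer shares the group")
    ext = os.path.splitext(name)[1].lower()
    if ext in SUEXEC_EXTS and mode & 0o070:
        findings.append("group bits unneeded under suEXEC; use 700 or 600")
    return findings

def audit(root):
    """Walk root; return {relative_path: (octal_mode, findings)} for flagged files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and other non-regular entries
            mode = stat.S_IMODE(st.st_mode)
            findings = check_mode(name, mode)
            if findings:
                report[os.path.relpath(path, root)] = (format(mode, "03o"), findings)
    return report

def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    samples = {".htaccess": 0o640, "index.html": 0o644, "config.php": 0o640,
               "form.cgi": 0o700, "notes.txt": 0o660, "secret.txt": 0o600}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        return audit(root)

if __name__ == "__main__":
    for path, (mode, findings) in sorted(demo().items()):
        print(f"{path} ({mode}): " + "; ".join(findings))
```

Point `audit()` at the account's document root to list files that are looser than the modes suggested above.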