Permissions with SSH and SFTP

How to have files uploaded through SFTP correctly inherit the group permissions of the parent directory.


By. Jacob

Edited: 2022-07-26 08:56

When creating new files through SSH, or uploading files through SFTP with a client such as FileZilla, WinSCP, or CyberDuck, you may run into a problem where the files have the wrong group ownership and/or permissions assigned after uploading, rendering them inaccessible to your web-server.

It often happens because of incorrect access rights in directories. The problem with ownership can be solved with setgid or setuid.

When you want a web-server to access the files, you would usually want the files to be assigned a certain group. Depending on your configuration, this will either be the user's group, or a shared web-server group, such as www-data for Apache.

In order to fix it, we can set the setgid flag on the directory shared with the web-server.

Note. Often this directory will be /var/www/

Doing this will make files uploaded through SFTP "inherit" the group ownership from the parent directory. To do this recursively, we can use this command:

find /var/www/ -type d -exec chmod g+s {} +

The above will target only directories (-type d) using the find command. As for the chmod, the g selects the group, while the +s sets the set-ID bit; together they enable setgid. To disable it again, simply run the command with g-s instead of g+s.
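
The following is an added example, not part of the original article. It audits a web root for the conditions that cause the problem described above, then repairs group ownership and setgid. The function names audit_webroot and fix_webroot are hypothetical. Setting setgid only affects entries created afterwards, so existing files also need chgrp.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Assumes paths do not contain embedded newlines.

# audit_webroot ROOT GROUP
# Prints one finding per line and returns 1 if anything needs attention:
#   no-setgid      directory where new uploads would not inherit the group
#   wrong-group    existing entry whose group is not GROUP
#   no-group-read  regular file that the group (the web-server) cannot read
audit_webroot() {
    aw_root=$1
    aw_group=$2
    aw_findings=$(
        # -perm -2000 matches entries with the setgid bit set; negate it.
        find "$aw_root" -type d ! -perm -2000 -print | sed 's/^/no-setgid /'
        find "$aw_root" ! -group "$aw_group" -print | sed 's/^/wrong-group /'
        # -perm -040 matches entries with the group-read bit set; negate it.
        find "$aw_root" -type f ! -perm -040 -print | sed 's/^/no-group-read /'
    )
    [ -z "$aw_findings" ] && return 0
    printf '%s\n' "$aw_findings"
    return 1
}

# fix_webroot ROOT GROUP
# Re-groups everything that already exists, then sets setgid on every
# directory so that later uploads inherit GROUP. File modes are left alone.
fix_webroot() {
    chgrp -R "$2" "$1" &&
        find "$1" -type d -exec chmod g+s {} +
}
```

For the setup in this article, the calls would be audit_webroot /var/www www-data and fix_webroot /var/www www-data. Any no-group-read findings that remain come from the uploading user's umask or the client's upload mode, which setgid does not change.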

About setgid and setuid

By default, a process will be run as the user who started it. When we, in this case, set the setgid bit of a directory, the process will instead run with the access rights of the group that owns the files.

It is a way to "force" files and directories to have the desired group ownership when uploaded, and indeed, even when created by the web-server itself.

If we instead want to run a process with the access rights of the user, we can set the setuid flag on the directory. To do this, we simply use u instead of g:

find /var/www/ -type d -exec chmod u+s {} +
