I currently have chroot users whos home directories contain both an 'upload' directory and a 'download' directory.
Originally the permissions on the upload directory where
chown user:sftpadmin upload chmod 370 upload and the permissions on the download directory where
chown user:sftpadmin download chmod 570 dowload The purpose of the sftpadmins group is for service accounts that are a member of this group would be able to place/retrieve files for the user from the respective directories.
Now we have a request to allow the users the ability to delete files in the download directory after they are finished with them. However the only option I can come up with to accomplish this is setting the permissions on the download dir to
chmod 770 download
However this would grant the chroot'ed users the ability to write any file to this directory, which I would like to avoid.
Is there any combination of permissions I can set that would allow them the ability to read, download, and delete the files in the directory, without allowing them to write files to the download directory?
It would look something like:
- Allow user to remove (delete) a file
- Will not allow user to change the file.
- Will not allow user to add a file to the directory.