I have a server running PureFTP and Apache.
If I create an FTP user, it gets a directory under /home/ftpusers owned by ftpuser.ftpgroup
I need to create an FTP user that can upload images that the webserver will use (simple: I symlink the directory into the relevant path in DocumentRoot), however I also need Apache to be able to write to the files (images will be uploaded by the website admin backend as well as via FTP).
How do I achieve this?
I can add Apache (www-data) to ftpgroup, which should solve this but would also give Apache write access to all files uploaded by any FTP user, which I don't want to do.
I can make the files world-writeable, which I don't like in principle, but also is going to cause problems as images get uploaded by FTP or Apache (eg new images are not going to inherit the world-write permissions without some changes to the FTP configuration and the web application).
This must be a standard problem with a standard solution?