From the man page of twoftpd-auth
And from the man page of twoftpd-xfer
So for example for a web server, we can configure the HOME directory in /etc/passwd like
So myuser is directly chrooted into /srv/http/mysite.com/www
From the above example, which allow an access from user myuser to the directory /srv/http/mysite.com/www which should also be accessed by www-data, we have to set the directories permissions to
root:root 751 /srv root:root 751 /srv/http root:root 751 /srv/http/mysite.com myuser:mygroup 775 /srv/http/mysite.com/www
In order to guaranty that mygroup is maintained/inherited during file/folder creation, also when done by other users, we can just add the group sticky bit.
chmod g+s /srv/http/mysite.com/www
To allow anotherUser to access this directory, we will have to add it to the mygroup group in /etc/group
and don't forget to also set the HOME directory in /etc/passwd to the same HOME as myuser (or at least in the PATH)
The twoftpd startup configuration file (/etc/twoftpd/run) has a default umask set to 022.
So in this condition, users from the group mygroup will not be able to write/modify files/directories in the HOME folder.
So when we put a file, the resulting file rights will be 644.
ftp> put myfile.txt ... ftp> dir ... -rwxrwxr-x 1 myuser mygroup 25 Aug 17 05:22 robots.txt -rw-r--r-- 1 myuser mygroup 2047 Aug 27 16:01 myfile.txt drwxrwxr-x 1 myuser mygroup 4096 Aug 18 20:37 script
By changing the umask to 002 we then have the file rights set to 664 and everybody in the mygroup group will now be able to write/modify files and directories.
ftp> put myfile.txt ... ftp> dir ... -rw-rw-r-- 1 myuser mygroup 1241 Aug 27 16:19 myfile.txt -rwxrwxr-x 1 myuser mygroup 25 Aug 17 05:22 robots.txt drwxrwxr-x 1 myuser mygroup 4096 Aug 18 20:37 script
and the directory rights is now 775
ftp> mkdir mydirectory ... ftp> dir ... -rw-rw-r-- 1 myuser mygroup 1241 Aug 27 16:19 myfile.txt drwxrwsr-x 1 myuser mygroup 4096 Aug 27 16:19 mydirectory -rwxrwxr-x 1 myuser mygroup 25 Aug 17 05:22 robots.txt drwxrwxr-x 1 myuser mygroup 4096 Aug 18 20:37 script