[Cialug] Permissions Assistance Please?

[Nathan C. Smith]

I'm trying to create an FTP "drop-box".  I'd like to make it easy for
clients to drop files off and easy for internal people to retrieve the
files.  Right now I am using vsftpd and I have a directory set up under
/home/ftp called upload for new files.

So far the FTP part works fine.  An anonymous user can drop files into the
upload folder and they cannot see (ls -lasp etc.) anything that is in the
folder.

The problem is that I would like to set up a web server that does a
directory listing of the files that are in the anonymous drop box.  Right
now the web server runs as www-data and vsftp runs as ftp.

Here are the permissions on the upload folder right now:

4 drwx-ws-wx 2 root root    4096 Jan 30 11:53 upload/

is there a way to make this work using permissions alone or do I have to
change the user one of the services run as?  If I set everything to 777 It
works but I lose the privacy in the ftp directory I was going for.  ls -lasp
will show all the files on the site.

I could use some help or a little lesson in permissions.

As an aside, this isn't going to be in place 24x7.  I will use a rule in the
firewall to flip the FTP availability to 'on' only when we know we have a
large inbound file.

Thanks.

-Nate