The torrent daemon runs as the "debian-transmission" user. That user will need to have access to whatever directory he's trying to download to. However, when it creates files, it'll create them owned by it. I would recommend using FACLs to set this up. Let's pretend you want these files to go into "/data/torrent/downloads". I would put your friend's user into some group, I'll call it "Torrenters" and then do:
chown -R nobody:Torrenters /data/torrent/downloads
chmod -R u+rwX,g+rwX,o-rwX /data/torrent/downloads
setfacl -R -m u:debian-transmission:rwX /data/torrent/downloads
setfacl -R -m d:u:debian-transmission:rwX /data/torrent/downloads
setfacl -R -m d:g:Torrenters:rwX /data/torrent/downloads
What this does is the following:
- Set the ownership of the download directory to be owned by no user and the Torrenters group
- Set the directory to be readable (r), writable (w), and executable (X) by the owner user and groups and no one else.
- Add a File Access Control entry that gives the user (u) debian-transmission read, write, and execute on that directory.
- Add a File Access Control entry that will default (d) to giving the user (u) debian-transmission read (r), write (w), and execute (X) on any new files or directories created in that directory.
- Add a File Access Control entry that will default (d) to giving the group (g) Torrenters read (r), write (w), and execute (x) on any new files and directories created in that directory.
Note that "-R" makes it recursive, so all of the contents will receive these settings and using a capitol X instead of a lowercase x means that only those files that are already executable will be granted these new executable permissions (including directories). This is a useful way of setting execute only on those files where it's necessary. So with the default ACLs, if you create a new regular file or you torrent a regular file, it will not be executable by anyone. As soon as you "chmod +x" it, it should be executable by everyone with the proper default ACL.