[Lilug] Still stuck on file permissions
Robert Wilkens
robwilkens at gmail.com
Thu Feb 26 06:53:48 PST 2009
This probably _Doesn't_ give you the answer you were looking for. But is an
option for the development machine to work on files in the public_html
directory of the users home dir, then access (for development purposes) the
files as if they were in http://localhost/~username work?
I mean, I think you can still do this with apache, but I haven't used it in
forever.
Rob
From: lilug-bounces at lilug.org [mailto:lilug-bounces at lilug.org] On Behalf Of
Kenneth Downs
Sent: Thursday, February 26, 2009 9:47 AM
To: LILUG Mailing List
Subject: [Lilug] Still stuck on file permissions
I've complained about this before, but I'm still hoping somebody can tell me
something I don't know.
I'll skip the details and just say the situation is that a programmer is
developing a web app, but the web app also does code generation, so the
programmer (a regular linux user) must have full control over the files, but
the apache process (www-data on ubuntu) must also have full control.
This is only on a dev workstation, the situation can be avoided on a
production server but not on a dev workstation.
Here is the question: It seems to me that everything about Linux is set up
to prevent this from happening without major interventions that a newer
Linux user will not understand and a veteran will consider inappropriate.
Am I missing something? Is there a simple way to give two users full
control over a body of files? Don't just say "groups" automatically, see
below:
METHOD 1:
1) Add the programmer's user account to the www-data group (veterans may
object, newbies may stumble)
2) Put perms to 6770 on the file tree
3) Set ownership to <user>:www-data on the file tree
This is what I am doing now. Believe it or not this is as simple as I could
figure it, but I'm shooting for simpler.
METHOD 2:
This gives the veterans fits, but I figured on a dev workstation I would
just run apache as my account. This is more invasive, but only at a single
point. At this point the veterans jump in with "never, never, never" but
don't usually address the context of the situation, so I don't know what to
do with their advice.
METHOD 3:
Complex ACL's. There seems to be on-off support for more complex file
permissions in Linux, but I get the sense it is a red-headed stepchild. If
there were a more powerful permissions system that understood the idea of
giving two separate users the same permissions, I'd be very happy to accept
a configurable dependency, but I don't get the idea that's out there.
So I'm really hoping I missed something in the last 10 years on how linux
controls file permission :(
--
Kenneth Downs
Secure Data Software
ken at secdat.com www.andromeda-project.org www.secdat.com
Office: 631-689-7200
Cell: 631-379-0010
Fax: 631-689-0527
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lilug.org/pipermail/lilug-lilug.org/attachments/20090226/c979b54f/attachment-0003.htm>
More information about the Lilug
mailing list