[ALUG] How to allow easy editing of www-data owned files - or other workarounds?

Huge huge at huge.org.uk
Thu Dec 7 12:40:27 GMT 2017

On Thu, 2017-12-07 at 11:45 +0000, Chris Green wrote:
> On Thu, Dec 07, 2017 at 11:04:06AM +0000, steve-ALUG at hst.me.uk wrote:
> > On 07/12/17 11:00, Huge wrote:
> > > On Tue, 2017-12-05 at 09:52 +0000, Chris Green wrote:
> > > > The current problem is that
> > > > syncthing doesn't deal well with directories and files which have
> > > > different owners on different systems.
> > > In which case you either need to replace syncthing, or give the
> > > directories and files the same owners on different systems!
> > > 
> > +1
> > 
> > If you are replicating files between systems, it does help to have the same
> > usernames, groups, user numbers/ids and group ids, at least for users who
> > have files on multiple machines.
> > 
> Absolutely!!!  That's what prompted the question, I'm *trying* to make
> things so that files are owned by 'chris' everywhere but the
> requirement to give www-data access as well makes that difficult.

You need three UIDs to safely run a web server, and none of them should
be "chris". The server itself should run as one UID, its configuration
files should be owned by a second (so it doesn't have write access to
them) and the content owned by a third. You then use groups to arrange
for the server to have appropriate access to 'stuff' (read access to the
content and configs), the server admin to have write access to the
config and content management (person or system, as appropriate) write
access to the content but no access to the config.

None of these UIDs should be personal accounts or root.

Today is Sweetmorn, the 49th day of The Aftermath in the YOLD 3183
        Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn.
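
The three-UID layout described in the message above can be checked mechanically. The following is an added example, not part of the original post: it models files by owner, group and mode bits and reports every place where the server, the config admin or the content manager has more or less access than the post prescribes. The role names, UIDs, GIDs and paths are constructed for illustration.

```python
from collections import namedtuple

# Constructed model, not real system state: one file and one account.
Entry = namedtuple("Entry", "path kind uid gid mode")   # kind: "config" or "content"
Principal = namedtuple("Principal", "uid gids")         # gids: set of group ids
R, W = 4, 2

# (principal, file kind, permission bit, must be granted?) as laid out in the post.
RULES = [("server", "config", R, True), ("server", "config", W, False),
         ("server", "content", R, True), ("server", "content", W, False),
         ("admin", "config", W, True), ("manager", "content", W, True),
         ("manager", "config", R, False), ("manager", "config", W, False)]

def allowed(e, p, bit):
    """Unix mode check: only one of owner/group/other applies; root bypasses it."""
    if p.uid == 0:
        return True
    shift = 6 if e.uid == p.uid else 3 if e.gid in p.gids else 0
    return bool((e.mode >> shift) & bit)

def audit(entries, who, personal_uids=frozenset()):
    """Return sorted findings; an empty list means the layout matches the post."""
    out = set()
    for name, p in who.items():
        if p.uid == 0 or p.uid in personal_uids:
            out.add(f"{name}: is root or a personal account")
    if len({p.uid for p in who.values()}) < len(who):
        out.add("principals share a UID")
    for e in entries:
        if e.uid == who["server"].uid:   # an owner can chmod, whatever the bits say
            out.add(f"{e.path}: owned by the server UID")
        for name, kind, bit, want in RULES:
            if e.kind == kind and allowed(e, who[name], bit) != want:
                verb, perm = ("lacks" if want else "has"), ("read" if bit == R else "write")
                out.add(f"{e.path}: {name} {verb} {perm}")
    return sorted(out)

# Constructed UIDs/GIDs: 33 = server, 901 = config owner, 902 = content owner.
GOOD_WHO = {"server": Principal(33, {33, 901, 902}),
            "admin": Principal(901, {901}), "manager": Principal(902, {902})}
GOOD = [Entry("/etc/site/site.conf", "config", 901, 901, 0o640),
        Entry("/srv/site/index.html", "content", 902, 902, 0o640)]
# Constructed counter-case modelled on the thread: a personal account (1000) owns
# the content, the server's group can write it, and the server owns its config.
BAD_WHO = {"server": Principal(33, {33}),
           "admin": Principal(1000, {1000}), "manager": Principal(1000, {1000})}
BAD = [Entry("/etc/site/site.conf", "config", 33, 33, 0o644),
       Entry("/srv/site/index.html", "content", 1000, 33, 0o664)]

if __name__ == "__main__":
    print(audit(GOOD, GOOD_WHO))
    print(*audit(BAD, BAD_WHO, personal_uids={1000}), sep="\n")
```

To run the same check against a live tree, build the Entry list from os.walk and os.stat instead of the constructed samples.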
