On Thu, Dec 07, 2017 at 12:40:27PM +0000, Huge wrote:
On Thu, 2017-12-07 at 11:45 +0000, Chris Green wrote:
On Thu, Dec 07, 2017 at 11:04:06AM +0000, steve-ALUG@hst.me.uk wrote:
On 07/12/17 11:00, Huge wrote:
On Tue, 2017-12-05 at 09:52 +0000, Chris Green wrote:
The current problem is that syncthing doesn't deal well with directories and files which have different owners on different systems.
In which case you either need to replace syncthing, or give the directories and files the same owners on different systems!
+1
If you are replicating files between systems, it does help to have the same usernames, groups, user numbers/ids and group ids, at least for users who have files on multiple machines.
Absolutely!!! That's what prompted the question, I'm *trying* to make things so that files are owned by 'chris' everywhere but the requirement to give www-data access as well makes that difficult.
You need three UIDs to safely run a web server, and none of them should be "chris". The server itself should run as one UID, its configuration files should be owned by a second (so it doesn't have write access to them) and the content owned by a third. You then use groups to arrange for the server to have appropriate access to 'stuff' (read access to the content and configs), the server admin to have write access to the config and content management (person or system, as appropriate) write access to the content but no access to the config.
A counsel of perfection but I've not seen this on a small system, ever.
In reality on most home Linux boxes you will have root as the UID that has access to the web server's configuration and www-data (or another non-user UID) that the web server runs as *and* which owns the 'stuff' files.
In fact I don't really see how the web server *can* have a different UID from the 'stuff', in many situations the web server will create files (e.g. my wiki) and files thus created will be owned by the web server UID. This is essentially my problem, if I could set things so that files created by the web server were owned by some other UID it would solve my problem.
None of these UIDs should be personal accounts or root.
On a big internet facing system I agree, however on a home system without outside access it is IMHO unnecessary. I have root owning the apache2 configuration files and apache2 running with UID www-data which also owns (most of) the web files. The exception is my wiki - which is where we came in! :-)
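An added example, not part of the thread: a small audit of the ownership split discussed above, which reports files the server UID owns, can write, or cannot read. It evaluates classic Unix permission bits only (no ACLs); the UIDs, GIDs and paths in the sample are constructed, and the function names are this example's own.

```python
import os
import stat
from typing import NamedTuple

class Entry(NamedTuple):
    path: str
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o640

def allowed(e, uid, groups, bit):
    """Classic Unix check (no ACLs): exactly one permission class applies."""
    if e.uid == uid:
        shift = 6          # owner bits, even if group/other grant more
    elif e.gid in groups:
        shift = 3          # group bits
    else:
        shift = 0          # other bits
    return bool((e.mode >> shift) & bit)

def audit(entries, server_uid, server_groups):
    """Return (path, problem) pairs where the server UID breaks the split."""
    findings = []
    for e in entries:
        if e.uid == server_uid:
            # An owner can chmod the file, so ownership implies write access.
            findings.append((e.path, "owned by server UID"))
        elif allowed(e, server_uid, server_groups, 2):
            findings.append((e.path, "writable by server"))
        elif not allowed(e, server_uid, server_groups, 4):
            findings.append((e.path, "not readable by server"))
    return findings

def scan(root):
    """Build entries from a real tree (the sample below does not use it)."""
    for d, _dirs, files in os.walk(root):
        for p in [d] + [os.path.join(d, f) for f in files]:
            st = os.lstat(p)
            yield Entry(p, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))

# Constructed sample: UID 33 stands in for the server account, 2000 for the
# config owner, 2002 for the content owner; GID 2001 is a shared read group.
SAMPLE = [
    Entry("/etc/apache2/apache2.conf", 2000, 2001, 0o640),
    Entry("/var/www/wiki/page.txt", 33, 33, 0o644),
    Entry("/var/www/site/index.html", 2002, 2001, 0o664),
    Entry("/var/www/site/private.html", 2002, 2003, 0o640),
]

if __name__ == "__main__":
    for path, problem in audit(SAMPLE, 33, {33, 2001}):
        print(f"{path}: {problem}")
```

To check a live tree, pass `scan("/some/root")` to `audit` along with the server account's UID and the set of GIDs it belongs to.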