On Thu, Dec 07, 2017 at 10:47:28AM +0000, steve-ALUG@hst.me.uk wrote:
> On 05/12/17 09:52, Chris Green wrote:
> > I've been trying to find a good solution to this problem for *years* but I'm still hitting problems with it. The current problem is that syncthing doesn't deal well with directories and files which have different owners on different systems.
> > The essential problem is that web files which are manipulated by apache need to be owned by www-data but I want to be able to edit these files as well. In particular I have a wiki where I sometimes edit the files using the wiki (ownership ends up as www-data) and sometimes I edit them directly with an editor (ownership ends up as chris).
> > Currently I use access control lists (setfacl) to make things so that both chris and www-data can manipulate files in the wiki directory regardless of whether they are owned by chris or www-data but this isn't a perfect solution as the correct settings don't always get put on new files.
> > What I really need is:-
> > All the wiki files are owned by 'chris' (the wiki is rooted in my home directory and is synchronised across a couple of machines by syncthing). www-data can read/write/create files in the ~/chris/wiki directory but they will always be owned by 'chris'.
> > Can anyone see a way of implementing this? ... or any other reasonable solution?
> https://unix.stackexchange.com/questions/115631/getting-new-files-to-inherit...
Group permissions don't (quite) do it. The 'S' bit on group does this and it was my original attempt at handling the issue.
> Or change apache's user to chris, or use a file-system-modification watcher to look for new files and change their owner, or write a cron job or similar to regularly change the file ownership or....
Changing the apache user to 'chris' would be a big risk IMHO, I don't want all and sundry on the web to have access to my files. Yes I know it's not this bad as I don't allow outside access to my web server and apache also limits access via its configuration but it's a risk I'd rather avoid.
I looked at the file system watcher approach, possible but would take quite a lot of work.
A cron job is certainly a possibility, it's simple and probably effective, the *only* issue is that it might lag behind reality a little depending on how often you run the cron job.
> You can do this with samba, you may be able to do this with some other "mount" options for other filesystems: move the wiki directory somewhere else. Use samba (or other) to mount it in the desired subdirectory, BUT use mount options to force user and group to be a specific user. That way, all newly created files will actually be owned by the correct user.
I hadn't thought about this possibility, I'll look into what mount/samba might be able to do, though I don't like using samba/cifs if I can avoid it, I always find its ways rather arcane.
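
The cron-job option raised in the thread, sketched as an added example (not code from either poster): a sweep that reports entries with the wrong owner or group, resets ownership when run as root, and restores group write access. The script name, the crontab line and the use of www-data as the shared group are assumptions; find -P and chown -h keep the sweep from acting through symlinks created inside the tree.

```shell
#!/bin/sh
# Added example: ownership/permission sweep for a wiki tree, meant for cron.
# Paths, user and group used here are assumptions, not values from the thread.

# Print entries under dir $1 whose owner is not $2 or whose group is not $3.
# -P: never follow symlinks; -xdev: stay on one filesystem.
wiki_drift() {
    find -P "$1" -xdev \( ! -user "$2" -o ! -group "$3" \) -print
}

# Repair dir $1 so that owner $2 and group $3 can both edit everything in it.
wiki_repair() {
    dir=$1 owner=$2 group=$3
    # Only root can give files away; chown -h changes a symlink itself
    # rather than the file it points at.
    if [ "$(id -u)" -eq 0 ]; then
        find -P "$dir" -xdev \( ! -user "$owner" -o ! -group "$group" \) \
            -exec chown -h "$owner:$group" {} +
    fi
    # Directories: group rwx plus setgid, so new files inherit the group.
    find -P "$dir" -xdev -type d ! -perm -2770 -exec chmod u+rwx,g+rwxs {} +
    # Regular files only (with -P a symlink is never -type f): group read/write.
    find -P "$dir" -xdev -type f ! -perm -0660 -exec chmod ug+rw {} +
}

# Run the sweep when called with three arguments, e.g. from root's crontab:
#   */5 * * * * /usr/local/sbin/wiki-sweep /home/chris/wiki chris www-data
if [ "$#" -eq 3 ]; then
    wiki_drift "$1" "$2" "$3" | sed 's/^/drift: /'
    wiki_repair "$1" "$2" "$3"
fi
```

The lag mentioned in the thread is the cron interval; anything the web server creates between runs keeps its original owner until the next sweep.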