I want to enable two users to write to a specific hierarchy of files and I really can't see an easy way to do it.
To be specific I have a hierarchy of files making up the data files of a wiki which I (mostly) edit directly but also need to be able to edit in the normal wiki fashion. Thus they need to be writeable by the apache2 process (which is user www-data) and directly by the user (which is me, user chris).
Can anyone suggest a way to allow these to be writeable by both users? When a user creates a new file it must be editable by the other user as well so simply creating a common group to which both users belong won't work as, in general, the umask won't give files user write permission.
On 11 November 2010 16:54, Chris G cl@isbd.net wrote:
I want to enable two users to write to a specific hierarchy of files and I really can't see an easy way to do it.
To be specific I have a hierarchy of files making up the data files of a wiki which I (mostly) edit directly but also need to be able to edit in the normal wiki fashion. Thus they need to be writeable by the apache2 process (which is user www-data) and directly by the user (which is me, user chris).
Can anyone suggest a way to allow these to be writeable by both users? When a user creates a new file it must be editable by the other user as well so simply creating a common group to which both users belong won't work as, in general, the umask won't give files user write permission.
I can suggest two ways, depending on what your distro supports:
1. You can set the sticky bit on the group so that all the files created in the directory are owned by the group rather than the user: i.e. 'chmod 2660 TheDir'. The 2 sets the sticky bit for the group, replace the 660 with whatever you need.
2. You could use ACLs in addition to the normal User, Group, Other permissions. These can also be set to inherit so that new files created get the same permissions?
On Fri, Nov 12, 2010 at 11:56:49AM +0000, Karl Foley wrote:
On 11 November 2010 16:54, Chris G <cl@isbd.net> wrote:
I want to enable two users to write to a specific hierarchy of files and I really can't see an easy way to do it. To be specific I have a hierarchy of files making up the data files of a wiki which I (mostly) edit directly but also need to be able to edit in the normal wiki fashion. Thus they need to be writeable by the apache2 process (which is user www-data) and directly by the user (which is me, user chris). Can anyone suggest a way to allow these to be writeable by both users? When a user creates a new file it must be editable by the other user as well so simply creating a common group to which both users belong won't work as, in general, the umask won't give files user write permission.
I can suggest two ways, depending on what your distro supports:
- You can set the sticky bit on the group so that all the files created in the directory are owned by the group rather than the user: i.e. 'chmod 2660 TheDir'. The 2 sets the sticky bit for the group, replace the 660 with whatever you need.
Thanks, I think this will probably do what I want when I have got my mind round the documentation. I *believe* the bit you call the 'sticky' bit is more usually called the SETGID bit.
- You could use ACLs in addition to the normal User, Group, Other permissions. These can also be set to inherit so that new files created get the same permissions?
On 18 November 2010 18:26, Chris G cl@isbd.net wrote:
On Fri, Nov 12, 2010 at 11:56:49AM +0000, Karl Foley wrote:
I can suggest two ways, depending on what your distro supports: 1. You can set the sticky bit on the group so that all the files created in the directory are owned by the group rather than the user: i.e. 'chmod 2660 TheDir'. The 2 sets the sticky bit for the group, replace the 660 with whatever you need.
Thanks, I think this will probably do what I want when I have got my mind round the documentation. I *believe* the bit you call the 'sticky' bit is more usually called the SETGID bit.
I think that's incorrect (in this context). In Linux, Set-GID is mode_t S_ISGID, and Sticky is S_ISVTX.
See: man 2 chmod
Srdjan
On 18 Nov 18:26, Chris G wrote:
On Fri, Nov 12, 2010 at 11:56:49AM +0000, Karl Foley wrote:
On 11 November 2010 16:54, Chris G <cl@isbd.net> wrote:
I want to enable two users to write to a specific hierarchy of files and I really can't see an easy way to do it. To be specific I have a hierarchy of files making up the data files of a wiki which I (mostly) edit directly but also need to be able to edit in the normal wiki fashion. Thus they need to be writeable by the apache2 process (which is user www-data) and directly by the user (which is me, user chris). Can anyone suggest a way to allow these to be writeable by both users? When a user creates a new file it must be editable by the other user as well so simply creating a common group to which both users belong won't work as, in general, the umask won't give files user write permission.
I can suggest two ways, depending on what your distro supports:
- You can set the sticky bit on the group so that all the files created in the directory are owned by the group rather than the user: i.e. 'chmod 2660 TheDir'. The 2 sets the sticky bit for the group, replace the 660 with whatever you need.
Thanks, I think this will probably do what I want when I have got my mind round the documentation. I *believe* the bit you call the 'sticky' bit is more usually called the SETGID bit.
Indeed, 2 is the setgid bit, 1 would be the sticky bit which is a completely different thing.
Better for reading would have been chmod g+s TheDir.
The sticky bit (+t) means that only the owner of the file can delete it, no matter what the group permissions are.
Cheers,
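
The setgid-directory approach discussed in this thread, as an added example that is not part of any poster's message: it shows that new entries take the directory's group and subdirectories inherit the setgid bit, while the creating process's umask still decides whether the group gets write access. It assumes GNU `stat` and uses a constructed scratch directory in place of the wiki tree; in real use the directory would first be `chgrp`'ed to a group containing both chris and www-data.

```shell
#!/usr/bin/env bash
# Added example: a scratch directory stands in for the wiki data tree (constructed).
set -eu

mode_of() { stat -c '%a' "$1"; }   # octal mode, e.g. 2775 (GNU stat)
gid_of()  { stat -c '%g' "$1"; }   # numeric group id

# Create a directory with the setgid bit set.
# 2775 = setgid (2) + rwxrwxr-x; equivalent to chmod 775 then chmod g+s.
# A directory needs the x bits to be entered, hence 775 rather than 660.
make_shared_dir() {
    local dir
    dir=$(mktemp -d)
    chmod 2775 "$dir"
    printf '%s\n' "$dir"
}

# Create an empty file under a given umask, in a subshell so the
# caller's umask is left alone.
create_with_umask() {
    ( umask "$1"; : > "$2" )
}

demo() {
    local d p
    d=$(make_shared_dir)
    create_with_umask 022 "$d/umask-022.txt"   # common default: no group write
    create_with_umask 002 "$d/umask-002.txt"   # group-writable
    ( umask 002; mkdir "$d/subdir" )           # inherits the setgid bit
    for p in "$d" "$d/umask-022.txt" "$d/umask-002.txt" "$d/subdir"; do
        printf '%-5s gid=%s %s\n' "$(mode_of "$p")" "$(gid_of "$p")" "${p#"$d"}"
    done
    rm -rf "$d"
}

demo
```
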