sean finney on 12 Aug 2004 18:46:02 -0000



Re: [PLUG] Linux web server user setup


hey aaron,

On Thu, Aug 12, 2004 at 02:20:25PM -0400, Aaron Crosman wrote:
> The problem I have is that I'm having trouble deciding how best to
> configure users and the server for the shared environment.  Under
> Windows that was about the only thing that I like; it was easy to
> control which users could edit which parts of the site.  I'm concerned
> about finding the right solution for Linux, and I'm looking for
> suggestions or articles that discuss this.  The articles I found so far
> all assume that if someone creates a file that either A) no one else
> will be editing that file, and/or B) they know how to edit the permissions
> to let others edit it.  Neither of those assumptions apply to us (the
> web editors would like to know as little as possible about how the
> permissions work, and never want to have to change them).

in a multi-user shared project, there are two Good ways i can think of
setting things up.  the first option is to use setgid directories with
appropriately set group owners.  when a directory has the setgid
bit and is group-writable, all files created underneath the directory
will inherit the group ownership/permissions.  this way, anyone in
said group would have the ability to edit each other's files in that
directory, without having to make a global change to umask, which could
prove troublesome elsewhere.

alternatively, many recently-released distributions have support for
access control lists, which give an even greater level of control,
similar to the access controls on windows files.

> I'd like users to be able to update new files so that anyone else on the
> web team could edit that file.  On our test server I set the umask to
> 002, but our hosts are telling me that's a bad idea by default.  I can't
> expect users to remember to update each file they update so it has group
> edit rights (it would quickly become a nightmare).

sounds like you might want to try setgid directories.  if you have a
directory called foo and a group called yourgroup:

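# give foo to the group and make it setgid + group-writable
chmod g+rwxs foo
chgrp -R yourgroup foo
# fix what is already there; existing subdirectories need the setgid bit too
find foo -type f -exec chmod g+rw {} \;
find foo -type d -exec chmod g+rwxs {} \;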

the last commands will fix anything that's already there.


> Additionally, when I am running several sites on the server in the
> future, how do I control who has access to which sites, without having
> major problems with groups being wrong when new files are created.

i'd suggest a group for each site.  



hth,
	sean

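An audit-and-repair check for the setgid layout discussed in this thread, as an added example that is not part of the original message. The helper names share_tree, audit_tree and demo are hypothetical, and the demo tree is constructed in a temporary directory with the caller's own primary group standing in for the site group.

```sh
#!/bin/sh
# Added example, not from the original post. share_tree, audit_tree and demo
# are hypothetical helper names; directory and group are passed as arguments.

# The post's recipe for DIR and GROUP, also setting setgid on subdirectories
# that already exist so files created inside them get GROUP as well.
share_tree() {
    dir=$1 grp=$2
    chgrp -R "$grp" "$dir" &&
    find "$dir" -type d -exec chmod g+rwxs {} + &&
    find "$dir" -type f -exec chmod g+rw {} +
}

# Print each path under DIR that breaks shared editing; return 1 if any.
# Files created with umask 022 show up as file-mode: setgid passes on the
# group, not the group write bit.
audit_tree() {
    dir=$1 grp=$2
    report=$(
        find "$dir" ! -group "$grp" | sed 's/^/wrong-group /'
        find "$dir" -type d ! -perm -2070 | sed 's/^/dir-mode /'
        find "$dir" -type f ! -perm -0060 | sed 's/^/file-mode /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed demo tree in a temp dir, using the caller's own primary group.
demo() {
    t=$(mktemp -d) || return 1
    gid=$(id -g)
    mkdir -p "$t/site/img" && : > "$t/site/index.html"
    chmod g-ws "$t/site/img"; chmod 0644 "$t/site/index.html"
    before=0; audit_tree "$t/site" "$gid" || before=$?
    share_tree "$t/site" "$gid"
    after=0; audit_tree "$t/site" "$gid" || after=$?
    rm -rf "$t"
    echo "findings before fix: $before, after fix: $after"
}
demo
```

Running audit_tree from cron against each site directory catches files that editors created with a restrictive umask, without changing the umask server-wide.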