|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
RE: [PLUG] Linux web server user setup
|
Sean thanks for the answer. That looks like the right solution to the
problem...but for 1 problem. I can't get it to work.
I'm running SuSE 9.1.
The umask is: 0022
I set all the directories have a group of my web group, and xrws
But when I create new directories they come up with the right group and
xr-s permissions, and the files come up -r-
I've tried both through SSH and through SFTP and I always get the same
result. Anyone have any suggestions about what I might be missing?
Aaron
-----Original Message-----
From: plug-admin@lists.phillylinux.org
[mailto:plug-admin@lists.phillylinux.org] On Behalf Of sean finney
Sent: Thursday, August 12, 2004 2:46 PM
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] Linux web server user setup
hey aaron,
On Thu, Aug 12, 2004 at 02:20:25PM -0400, Aaron Crosman wrote:
> The problem I have is that I'm having trouble deciding how best to
> configure users and the server for the shared environment. Under
> Windows that was about the only thing that I like; it was easy to
> control which users could edit which parts of the site. I'm concerned
> about finding the right solution for Linux, and I'm looking for
> suggestions or articles that discuss this. The articles I found so
> far all assume that if someone creates a file that either A) no one
> else will be editing that file, and/or B) they know how edit the
> permissions to let others edit it. Neither of those assumptions apply
> to us (the web editors would like to know as little as possible about
> how the permissions work, and never want to have to change them).
in a multi-user shared project, there are two Good ways i can think of
setting things up. the first option is to use setgid directories with
appropriately set group owners. when a directory is has the setgid bit
and is group-writable, all files created underneath the directory will
inherit the group ownership/permissions. this way, anyone in said group
would have the ability to edit each other's files in that directory,
without having to make a global change to umask, which could prove
troublesome elsewhere.
alternatively, many recently-released distributions have support for
access control lists, which give an even greater level of control,
similar to the access controls on windows files.
> I'd like users to be able to update new files so that anyone else on
> the web team could edit that file. On our test server I set the umask
> to 002, but our hosts are telling me that's a bad idea by default. I
> can't expect users to remember to update each file they update so it
> has group edit rights (it would quickly become a nightmare).
sounds like you might want to try setgid directories. if you have a
directory called foo and a group called yourgroup:
chmod g+rwxs foo
chgrp -R yourgroup foo
find foo -type f -exec chmod g+rw {} \;
find foo -type d -exec chmod g+rwx {} \;
the last commands will fix anything that's already there.
> Additionally, when I am running several sites on the server in the
> future, how do I control who has access to which sites, without having
> major problems with groups being wrong when new files are created.
i'd suggest a group for each site.
hth,
sean
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|