Newbie linux permission question

Craig White craig at tobyhouse.com
Wed Dec 6 15:28:22 MST 2006


I probably wouldn't recommend changing the daemon users.

If you set gid on a directory belonging to group say users...

chgrp users my_dir

then set the gid bit...

chmod g+s my_dir

then all files created in that directory belong to the group 'users'.

Now if another user creates files in that directory and that user
doesn't belong to the 'users' group, he can still edit the file anyway
because he owns it, and if the file is created with a umask of 002, then
the group has read/write permissions, which seems to solve your dilemma.

Craig

On Wed, 2006-12-06 at 15:17 -0700, Marius Toma wrote:
> Thanks Judd,
> 
> The thing is, I want apache (nobody) to be able to edit his own files, 
> but not the ones created by the ftp user! So the permission should look 
> like: 775 (for apache created files) I'm assuming.
> Now I'm assuming that the directory permission should change to 775 also...
> 
> ALSO... Do I need the execute permission (user or group)? Now apache 
> creates the files with 644!
> 
> I figured out how to change the group for the new created files by 
> apache (in httpd.conf), but from where can I set up the permission to 
> 664 instead of 644?
> 
> Regards,
> Marius
> 
> Judd Pickell wrote:
> > Okay, you don't want a valid user for nobody account. The reason it is 
> > nobody is for system protection (since it doesn't exist and basically 
> > only has access to apache files).
> >
> > The basics of what you want to do is pretty simple, however I don't 
> > know all the steps. The basics are:
> >
> > 1) create a group that will have the ability to read/write the files 
> > in question.
> > 2) Assign the ftp user account to the group.
> > 3) Modify Apache's config so that it creates files with a 575 
> > permission instead of the normal 655.
> > 4) Modify Apache's config so that it creates files with the 
> > owner/group of nobody/<group you created>
> > 5) chown the current directory to the nobody/<group you created>
> > 6) chmod the current directory to 575
> > 7) Modify the ftp users' config so that it creates files/folders with 
> > the group id of the <group you created>
> >
> > Basically the ftp user can do anything with the files in question. The 
> > apache can only create the files, but can not modify them (r-xrwxr-x) 
> > and can display them. I hope this helps.. :)
> >
> > Sincerely,
> > Judd Pickell
> >
> >
> > On 12/6/06, Marius Toma <marius at pro-websolutions.com> wrote:
> >
> >     Hi guys,
> >
> >     I'm new to linux so do not kill me!
> >
> >     This is what I want, if it is possible:
> >     I want to be able to create a new user that can overwrite nobody's
> >     (apache user) files, but I don't want nobody to change the files
> >     that I created with the new user!
> >
> >     The situation:
> >     I have a website that has an online editor so I can edit/create html
> >     files. I want the new user to be able to edit these files
> >     (e.g. via FTP, ssh), but also upload new ones that cannot be edited
> >     via the online editor.
> >
> >     What should the UID/GID look like for the new user?
> >
> >     I created a new user and gave him the same UID as nobody (so I can
> >     make the changes I want, for now)... but it is not what I want!
> >
> >     Thanks,
> >     Marius
> >     ---------------------------------------------------
> >     PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> >     <mailto:PLUG-discuss at lists.plug.phoenix.az.us>
> >     To subscribe, unsubscribe, or to change  you mail settings:
> >     http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> >
-- 
Craig White <craig at tobyhouse.com>
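
An added example, not part of the original thread: it runs the chgrp / chmod g+s steps from the reply above in a scratch directory and reports the modes new files get under a umask of 022 (which yields the 644 seen in the question) and of 002. It assumes GNU/Linux (stat -c); demo_setgid is a hypothetical helper, and one of the caller's own groups stands in for 'users'.

```shell
#!/bin/sh
# Added example (constructed): what the setgid bit on a directory and the
# creating process's umask each contribute to new files. Assumes GNU/Linux.

# demo_setgid UMASK
# Prints: "<dir mode> <file mode> <group result> <subdir mode>"
demo_setgid() (
    scratch=$(mktemp -d) || exit 1
    trap 'rm -rf "$scratch"' EXIT

    # Stand-in for the 'users' group: the last group the caller belongs to,
    # so a supplementary group is used when one exists.
    for gid in $(id -G); do shared_gid=$gid; done

    mkdir "$scratch/my_dir"
    chmod 775 "$scratch/my_dir"
    chgrp "$shared_gid" "$scratch/my_dir"   # chgrp users my_dir
    chmod g+s "$scratch/my_dir"             # chmod g+s my_dir

    umask "$1"                              # umask of the creating process
    : > "$scratch/my_dir/page.html"         # new file, requested mode 666
    mkdir "$scratch/my_dir/sub"             # new directory, requested mode 777

    file_gid=$(stat -c '%g' "$scratch/my_dir/page.html")
    if [ "$file_gid" = "$shared_gid" ]; then
        group_result=group-inherited
    else
        group_result=group-not-inherited
    fi

    echo "$(stat -c '%a' "$scratch/my_dir")" \
         "$(stat -c '%a' "$scratch/my_dir/page.html")" \
         "$group_result" \
         "$(stat -c '%a' "$scratch/my_dir/sub")"
)

demo_setgid 022   # group gets read only on new files
demo_setgid 002   # the umask mentioned in the reply: group gets read/write
```

The setgid bit decides which group new files and subdirectories belong to; the umask of whichever process creates the file decides whether that group can write.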


