On Mon, 16 May 2011, Nicolas Thierry-Mieg wrote:
> This would give apache write access to the site contents, which is bad
> practice.
>
> It also won't solve the umask issue.
> Since the OP wants all members of webdev1 to have write access to site1,
> he needs the setgid bit active on site1/ . And he needs all files in
> site1/ to be 664 as he says.
> But with a umask 077 for all users, any new file created by a user will
> be 600.
> I don't know how to solve that cleanly at file creation (but I don't
> know ACLs).
> You could ask your users to try to remember to chmod any new files; and
> have a find command running in cron regularly to do the chmod when they
> forget.
ACLs sounds like a perfectly reasonable solution to me. Default ACLs set on a
directory apply to files/directories created within it, so there shouldn't be
a file creation issue.
A periodic scan from a cron find isn't a bad idea either, as it provides you a
mechanism to reimpose correctness even if people do something wrong. I don't
think you're likely to find that happens to much with ACLs and most people
don't understand how to use them so won't change them ;)
jh
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
