setgid

group writable web folders with setgid and ACL

Tue, 04/03/2012 - 10:18 — sandip

Often times, there is need for web-accessible folders to be set up so all web-developers have write access.

Along with setgid option, ACL can be used so anyone in the group "web-developers"
would have write privileges to anything under web-accessible document root.

So unless the acl privileges is revoked specifically, it would just continue to work.

To enable ACL, add "acl" option to /etc/fstab file for the corresponding partition and remount.

Edit /etc/fstab:

/dev/mapper/home /home    &nbsp;    &nbsp; ext4    defaults,acl        0     ;  2

Remount:

# mount -o remount /home

Here is the commands to be used for the setup:

# groupadd developers
# chgrp -R developers /path/to/docroot
# find /path/to/docroot -type d -exec chmod g+s {} \;
# find /path/to/docroot -type d -exec setfacl -m g:developers:rwx,d:g:developers:rwx {} \;
# find /path/to/docroot -type f -exec setfacl -m g:developers:rw {} \;

Now anyone needing write access can be put in the "developers" group.

# usermod -G developers {username}

If you need the webserver to have write access to certain folders, then chown the location to be owned by the webserver, instead of giving write permissions to all.

# chown apache /path/to/docroot/apache

sandip's blog
Login or register to post comments
Read more

Navigation

Home | Forum | Recent Posts | News | Archives | Contact
This site houses a collection of Tips, Tricks, Resources and Guides of Individuals, put together and edited for personal reference into a daily web journal...
Content may not be reproduced without permission from the Individuals.
Copyright © post 2003 L I N U X w e B l o g . C O M