group writable web folders with setgid and ACL
Tue, 04/03/2012 - 10:18 — sandip
Oftentimes, there is a need for web-accessible folders to be set up so that all web developers have write access.
Along with the setgid option, ACLs can be used so that anyone in the group "web-developers"
has write privileges to anything under the web-accessible document root.
So unless the ACL privileges are specifically revoked, it will just continue to work.
To enable ACLs, add the "acl" option in /etc/fstab for the corresponding partition and remount.
Edit /etc/fstab:
/dev/mapper/home /home ext4 defaults,acl 0 2
Remount:
# mount -o remount /home
Here are the commands to be used for the setup:
# groupadd developers
# chgrp -R developers /path/to/docroot
# find /path/to/docroot -type d -exec chmod g+s {} \;
# find /path/to/docroot -type d -exec setfacl -m g:developers:rwx,d:g:developers:rwx {} \;
# find /path/to/docroot -type f -exec setfacl -m g:developers:rw {} \;
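Now anyone needing write access can be put in the "developers" group. Use -a so the group is appended to the user's existing supplementary groups; without it, usermod -G replaces them.
# usermod -a -G developers {username}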
If you need the webserver to have write access to certain folders, then chown the location to be owned by the webserver, instead of giving write permissions to all.
# chown apache /path/to/docroot/apache
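To confirm the setup took effect, the following added example (not part of the original post) audits a docroot for the four things the commands above establish or avoid: group ownership, setgid directories, default ACLs, and no world-writable entries. The function names are hypothetical, and the default-ACL check assumes getfacl from the acl package is installed.

```shell
#!/bin/sh
# Added example (not from the original post): audit a docroot after the setup.
# All function names below are hypothetical.

# Entries whose group owner is not the expected group (the chgrp -R step).
wrong_group() {
    find "$1" ! -group "$2" -print
}

# Directories without the setgid bit: new files there will not inherit the group.
dirs_missing_setgid() {
    find "$1" -type d ! -perm -2000 -print
}

# Anything writable by "other", which the group/ACL setup is meant to avoid.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Directories lacking the default ACL entry set by "setfacl -m d:g:GROUP:rwx".
# Assumes getfacl is installed; without it every directory is reported.
dirs_missing_default_acl() {
    find "$1" -type d -print | while IFS= read -r dir; do
        getfacl "$dir" 2>/dev/null |
            grep -q "^default:group:$2:rwx" || printf '%s\n' "$dir"
    done
}

# Run all checks; the return status is non-zero if any check reported something.
audit_docroot() {
    root=$1 group=$2 status=0
    for check in wrong_group dirs_missing_setgid world_writable \
                 dirs_missing_default_acl; do
        out=$("$check" "$root" "$group")
        if [ -n "$out" ]; then
            printf '== %s ==\n%s\n' "$check" "$out"
            status=1
        fi
    done
    return "$status"
}

# Usage: sh audit.sh /path/to/docroot developers
if [ "$#" -eq 2 ]; then
    audit_docroot "$1" "$2"
fi
```

Folders deliberately chowned to the webserver user will still pass the group checks as long as their group stays "developers".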