I consolidated several applications on one linux host. Every applications runs in its own environment with its own user.
Application A, which can be compared as an E-Mail Client, is receiving and creating files that application B is processing. After processing by B, it is then processed again by A and sent away.
What I set up is an cronjob running under root that moves files from A to B and vice-versa. The job not only moves files, it also set the file permissions and owner to ensure the files can be processed.
I would like to have such a job without running it under root (security reasons).
The job itself is part of the application stack and therefore I want it to run in a user environment.
So far I thought of these solutions:
- running all applications under the same user account (no prob to move files, but less secure as one user is able to interact not only with "his" application but also with others running under the same user)
- creating Files using ACLs. So for example the cronjob running on B can only move files created by A, but cannot change other files (like configuration files, binaries, etc) from A.
Can you think of other solutions?