Is it possible to allow regular users to work on a web page but not anything else?

jdruin · 11-07-2003, 09:19 PM

Is it possible to allow regular users to work on a web page but not anything else? For example, the web page is kept in the www directory. There are also other files in that directory. I do not want the user to be able to access anything else in the diretory. The page is a community page that I want to allow reglar users work on, but I do not want to compromise the box or other pages. It is important the user be able to see the page on the web server to see how it "fits". Any ideas?

Additionally, if I made a group and put users allowed to work on the page into the group, can I make all users in the group have to have the same password to login without actually affecting their passwords. For example, to access the page, people in the group would have to enter another common password upon trying to access the file. Not sure if this is possible.

Thanks

scott_R · 11-07-2003, 10:47 PM

What you do is make a group that's only for that file/directory (depending on your needs), then add that group to the user's list of groups they are members of. For instance, make a 'webpage' group, make that file owned by the webpage group (chown), then make those users who need to access the file members of that group. When they log into their normal accounts, they'll automatically log into their ability to edit that page, but you'll also be able to track (log) who changed what when, if you desire.

As far as seeing how it "fits" into the directory structure (I'm assuming), you can edit the group permissions to allow them to read the directory, but only edit that one (or group of) files.

saint · 11-08-2003, 12:50 PM

Quote:

Originally posted by scott_R

As far as seeing how it "fits" into the directory structure (I'm assuming), you can edit the group permissions to allow them to read the directory, but only edit that one (or group of) files.

If the group has only read permissions on the directory, they will not be able to create new files in that directory.

jdruin · 11-08-2003, 08:33 PM

Thanks for the info all.

saint - does the fie inherit all the permissions of the directory automatically, even if the file has read and write permissions? So if I make the file read/write for the group and make the file's directory read only, the file will become read only?

saint · 11-08-2003, 10:13 PM

No they do not. You have to use the -R option with chmod to set the permission of the files in a directory.

iainr · 11-10-2003, 03:59 AM

Quote:

Originally posted by jdruin
does the fie inherit all the permissions of the directory automatically, even if the file has read and write permissions? So if I make the file read/write for the group and make the file's directory read only, the file will become read only?

Permissions on a directory and on a file mean slightly different things.

Directory
Read : Can see files in the directory (e.g. with ls)
Write : Can create and delete files in the directory (even if the files themselves do not have write permissions set).
Execute : Can cd into a directory.

(Note, with write only you can still edit a file as long as you know the name - you just can't do an ls or cd into the directory to take a look).

File
Read : Can view contents of a file
Write : Can edit contents of a file
Execute : Can execute a file.

This does lead to some funny situations. For example, if the directory is writable but the file is not, you can delete the file but not edit it (of course, a sneaky thing to do is copy the contents of the file into another file, edit the copy, delete the original and rename the copy to the original, so if you have write permission on the directory you can override not have write permission on the file if you really want to - as long as you can read the file).

In short, never have write permission on a directory unless you really need it.