LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 08-01-2012, 05:19 PM   #1
Wad3
LQ Newbie
 
Registered: Jul 2012
Posts: 15

Rep: Reputation: Disabled
Dir / File Permissions - ACL or CHOWN


I'm looking at what is the best way to give permissions to website admins without giving full access to the system.

Is there any advantage to using ACL to give rw access of our www folder to a group and add those users to that group, verses using CHOWN to give ownership of the www folder to a group and adding my users to that group?

I've also read about setting up a chroot jail, but seems much more complicated.
 
Old 08-02-2012, 12:48 AM   #2
roger_heslop
Member
 
Registered: Oct 2009
Location: Leander, TX
Distribution: Fedora 20
Posts: 82

Rep: Reputation: 31
My personal opinion is that it is best to avoid added complexity if a simpler solution will do what you need. ACL's will need specific mount options and special consideration for backups.

-That said, if all you are looking to do is provide rw permissions to a specific group, standard permissions should serve you well. (As long as, just as you pointed out, your desired group is the owning group)
 
Old 08-02-2012, 12:37 PM   #3
Wad3
LQ Newbie
 
Registered: Jul 2012
Posts: 15

Original Poster
Rep: Reputation: Disabled
Thanks for the reply. To have multiple people in a group have the ability to rwx a file system the group directory and contents would have to be set to 775. I've always been under the understanding that for safety issues you run your files directories at 755 and files at 644. Is ACL the only way to give multiple people rw permissions without setting the files to 775? Or is that the intended purpose of having the ability to set files to 775, so a group can edit. It just seems unsafe.
 
Old 08-02-2012, 09:49 PM   #4
roger_heslop
Member
 
Registered: Oct 2009
Location: Leander, TX
Distribution: Fedora 20
Posts: 82

Rep: Reputation: 31
There isn't a way to tweeze apart a files permissions, and what people are allowed to do with that same file. A quick example, if I set a file at 644, this means that:

The owner has read / write permisssions.
The owning group has read only permissions
Everyone else has read only permissions.

While it is true that this is safer (only the owner can execute), if your entire intent is to give the owning group execute permissions anyway, then ACL's aren't any safer than setting the file to 774, or 770 in the first place.

What ACL's do get you, is more granularity. So if you want to give the owner RWX, a group RWX, everyone else no permissions, but Bob and Sally needed read/write, you have the ability to do that by using the setfacl command. I recommended standard permisssions, because it sounded like a single group of people (and no one else) needed specific permissions, and that's exactly what standard permissions will get you.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Help with file/dir permissions smecherel Linux - Security 3 12-15-2011 12:57 AM
File permissions on shared folders: a problem for chmod, chown dedeco Linux - Security 1 07-25-2008 10:15 PM
ACL effective permissions problem on file copies le_forban Linux - Newbie 4 07-09-2008 07:57 PM
Compress dir keep file/dir permissions powadha Linux - General 1 11-14-2006 07:07 PM
chown....no such file or dir. Dr.Swing Linux From Scratch 6 10-08-2002 04:42 PM


All times are GMT -5. The time now is 04:13 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration