Or perhaps set up a root cron job that does a relevant chown -R every few minutes if the owner setting is really important. Perhaps if you describe what you're trying to do and why the ownership is so important, someone will come up with a better alternative.
I run a small webserver for a handful of sites. Everything is on one Linux box with 1 IP and each site has a virtual host configured under Apache 1.3. Each site (domain) also has full email service via a Postfix where all the entries for users/aliases are handled in MySQL. I've written some password protected admin web pages so owners of each domain can manage their email settings. One such admin page would allow the manager to add new email users. Adding a user to the MySQL DB is trivial, but to complete the new user set up, a filesystem entry needs to be made for the new user.
The uid/gid of the virtual mail system runs under a name of 'vmail'. Apache runs under 'www-data' and Postfix runs under 'postfix'. I've written the Python script to make the necessary filesystem entries in /home/vmail for the new user. But after testing found that it gets written as uid/gid 'www-data'. I need to change that to a uid/gid of 'vmail'.
So that's specifically what I'm attempting. An admin for any one of the websites (domains) on my server needs to be able to add new user email accounts. Part of this process on my setup is the creation of the filesystem entry for the new user. I wrote the Python script to do that, but need to get a handle on the directory/file ownership.
The suggestions from above make sense and are appreciated. Of them, I would presume the most secure is to have a cronjob for root run every 5 minutes or so. How much overhead to the system is this? Trivial?
My 2nd approach would probably be to rewrite my Python script in C and give it setuid.
The idea of using sudo sounds good, but in my case, I think I'd have to give sudo priviledges to the user 'www-data' to run /bin/chown, which on the surface doesn't sound like a good idea. Although in sudoers I guess I could limit the priviledges by specifying the a very narrow Cmnd_Alias like
'/bin/chown/ -R vmail.vmail /home/vmail/domain'
Thanks again for the suggestions and any additional thoughts.