Could you set up the multi user area as a subversion repo and do a post-commit hook to check out a copy to an area that is only accessed and owned by the application?
This is assuming that I understand the problem correctly: The application must _own_ the files.
No, you've got it. What you've put is what I am currently doing. I've got a cronjob that runs every 30 seconds that chowns everything. The issue is that periodically they will get errors because their app will try to read the directory before the chown script has run. I was trying to see if there was a better way to handle it, but it doesn't look like it. (Except maybe getting SAP to let me look at the code of the app they are running!)
So long as the application owner ID (e.g. sapadmin) and all your individual users (e.g. bob, sue, tiny, bertha) are members of the group that you put sgid on the directory and you also have read, write & execute bits set for group on the directory there should be no reason the application can't read the files created by the individual users. Remember that users can be members of multiple groups so you don't have to add the app owner to the users group and don't have to add the users to the app owner's group. Ordinarily the file would get that default group from the user but the sgid overrides it to use the group that currently is group for the directory.
Last edited by MensaWater; 09-07-2010 at 12:42 PM.
MensaWater is correct,
I was just thinking "in a strange circumstance" similar to sendmail wanting its certificate's key to be owned by sendmail and not readable by anyone else (which isn't strange).
You may also have problems if you do not change the user's umask because I think it will default to 022.
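The setgid-directory and umask interaction discussed in the two posts above, as an added example that is not from any poster in the thread: it builds a setgid directory in a throwaway temp location and creates files under umask 022 and 002 so the resulting group and mode can be compared. The function names and file names are constructed for the demo, and it assumes GNU `stat` on Linux.

```shell
#!/bin/sh
# Constructed demo: works in a temp directory, needs no root and no real
# application account. All names below are made up for this example.

# make_shared DIR: rwx for owner and group, nothing for others, plus the
# setgid bit so new entries take the directory's group.
make_shared() {
    mkdir -p "$1" && chmod 2770 "$1"
}

# create_as UMASK PATH: create an empty file the way a user with that
# umask would (subshell keeps the umask change local).
create_as() {
    ( umask "$1" && : > "$2" )
}

# mode_of PATH: octal permission bits; gid_of PATH: numeric group id.
mode_of() { stat -c '%a' "$1"; }
gid_of()  { stat -c '%g' "$1"; }

demo() {
    base=$(mktemp -d) || return 1
    make_shared "$base/shared"

    # Same directory, two different user umasks.
    create_as 022 "$base/shared/umask-022.txt"   # group gets read only
    create_as 002 "$base/shared/umask-002.txt"   # group gets read+write

    # Subdirectories created inside inherit the setgid bit themselves.
    ( umask 002 && mkdir "$base/shared/subdir" )

    for p in "$base/shared" "$base/shared"/*; do
        printf '%-16s mode=%-5s gid=%s\n' \
            "${p##*/}" "$(mode_of "$p")" "$(gid_of "$p")"
    done
    rm -rf "$base"
}

demo
```

Every entry reports the directory's gid; only the mode differs, which is the part the umask controls.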