Re: group permissions
Sorry, I didn't make as much sense as I meant to. Basically, I was
wondering if it is possible for the default group permissions to change
on a created file. like:
I create a file in /var/www called 'test' it is normally:
-rw-r--r-- 1 rvf www-files 0 Jan 16 20:05 test
I would like it to be like this automatically:
-rw-rw-r-- 1 rvf www-files 0 Jan 16 20:05 test
Sorry about the confusion.
-Rob
On Tue, Jan 16, 2001 at 03:34:42PM -0900, Ethan Benson wrote:
> On Tue, Jan 16, 2001 at 07:22:05PM +0000, Rob VanFleet wrote:
> > I have the permissions on /var/www set so that any file created within
> > it is owned by www-data. Currently, www-data does not have write access
> > to the files. What I want to do is set it up so that any file created
> > in /var/www is owned by www-data and www-data has write permissions to
> > it, so that files created by different people can be edited by anyone in
> > www-data.
>
> first this is a very bad thing to do, now the web server will have
> write permission to your entire site, and if its compromised the
> attacker will be able to replace it. normally a httpd compromise won't
> allow for site defacement since no files are owned by the web server
> account: www-data.
>
> you should create a different account for this purpose.
>
> > I hope that made sense.
> >
> > Is there some sort of way of setting a group umask maybe?
>
> you can force all files to be created with a certain *group*
> ownership, but not with a certain *user* ownership.
>
> chgrp www-files (not www-data) /var/www
> chmod 2755 /var/www
>
> now when you create files in /var/www as user `joe' the ownership will
> be joe.www-files
>
> if you want to have it so when joe creates a file there it gets
> ownership www-files.www-files. this is impossible.
>
> --
> Ethan Benson
> http://www.alaska.net/~erbenson/
Reply to: