
Re: Development permissions



On 9/22/21 07:15, Paul M. Foster wrote:
> 
> On 9/21/21 11:42 PM, Georgi Naplatanov wrote:
>> On 9/22/21 06:09, Paul M. Foster wrote:
>>> Folks:
>>>
>>> This is probably a stupid question for many of you, but I've been
>>> struggling with it since I started using Linux in 1996.
>>>
>>> Say you have a directory in which there are development files. A number
>>> of users will be creating, deleting and modifying the files there. This
>>> is the type of situation which might have been common on old Unix
>>> university systems. (Users might be accessing files via Samba, NFS, or
>>> locally.)
>>>
>>> Just to make this more concrete, assume the development tree is in
>>> /var/www/html/website.
>>>
>>> Without setting directory and file permissions to 777, how do you allow
>>> the above? What combinations of groups, directory owners/permissions and
>>> file owners/permissions might make this possible?
>>>
>> Hi Paul,
>>
>> you can create a user group, add all developers to it and give this
>> group permissions to read and write to that particular folder
>> (/var/www/html/website).
>>
>> If you need more granular permissions (e.g. several development teams)
>> then you can use ACLs (Access Control List).
>>
>> Kind regards
>> Georgi
>>
> This is more or less the solution I tried. However, when a user creates
> a file on this system, the permissions are (for example) paulf:paulf.
> This means that, despite the directory permissions, other users won't be
> able to modify the file normally (assuming a system umask of 022).
> 
> However, I did just read an excellent explanation of the setgid bit,
> which apparently sets the GID of a created file to that of the
> directory, rather than the file's creator. This might work. I haven't
> tested it yet.
> 
> I've heard of ACLs, but never had the need to use or learn about this.
> I'm assuming that attending to ACL issues requires additional steps in
> the creation/editing/deletion of files?
> 

I have not used ACLs either. I heard about them about 15 or more years
ago and it required a parameter (as far as I can remember) during file
system creation. I don't know what the situation is now.

Kind regards
Georgi
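
A read-only audit of the setup discussed in this thread (shared group, setgid directories, umask), added here as an example and not part of any poster's message. The function name, the finding labels and the group passed in are assumptions; it inspects the tree with `find` and changes nothing.

```shell
#!/bin/sh
# Added example, not from the thread: read-only audit of a shared
# development tree. Arguments are assumptions supplied by the caller:
#   $1  tree to audit (the thread uses /var/www/html/website)
#   $2  developers' group, by name or numeric GID (hypothetical: webdev)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_shared_tree() {
    tree=$1
    group=$2
    findings=$(
        # World-writable entries: the 777 setup the original poster wants to avoid.
        find "$tree" ! -type l -perm -0002 -exec printf 'world-writable: %s\n' {} \;
        # Directories without setgid: files created there take the creator's
        # own group (paulf:paulf in the thread) instead of the shared group.
        find "$tree" -type d ! -perm -2000 -exec printf 'no-setgid-dir: %s\n' {} \;
        # Entries without group write: what a umask of 022 leaves behind,
        # so other group members cannot modify them.
        find "$tree" ! -type l ! -perm -0020 -exec printf 'not-group-writable: %s\n' {} \;
        # Entries that belong to some other group.
        find "$tree" ! -type l ! -group "$group" -exec printf 'wrong-group: %s\n' {} \;
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```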

