Gerhardus.Geldenhuis at gta-travel.com
2009-Mar-06 11:34 UTC
[CentOS] problems with acl permissions changing ownership
Hi

I am trying to get a non privileged user to update config files for apache httpd and have attempted the following:

I have set the following permissions:
setfacl -m user:deployer:--x /etc/httpd
setfacl -R -m u:deployer:rwx,o::--- /etc/httpd/conf.d
setfacl -R -m u:deployer:rwx,o::--- /etc/httpd/conf

I then have a script that is run as the deployer user to checkout config files from svn and copies it to /etc/httpd directory in the following way:
cd /tmp/versioned-config;
cp -Rfp --backup --suffix=.$(date +%F_%T) apache/etc/ /

However when I do that the ownership of the config files changes to deployer.deployer and it loses the special permissions...

How can I prevent changing of ownership? The setfacl man page suggests the use of the -p flag to preserve permissions. Should I be using ACLs? Is there a better way of doing this? The --backup flag also complicates matters and I am considering getting rid of it.

Regards
From: "Gerhardus.Geldenhuis at gta-travel.com" <Gerhardus.Geldenhuis at gta-travel.com>
> I then have a script that is run as the deployer user to checkout config
> files from svn and copies it to /etc/httpd directory in the following
> way:
> cd /tmp/versioned-config;
> cp -Rfp --backup --suffix=.$(date +%F_%T) apache/etc/ /
>
> However when I do that the ownership of the config files changes to
> deployer.deployer and it loses the special permissions...

I don't think that would be possible/secure...
That would mean that the user 'deployer' could "create" files owned by someone else...
Maybe try with something like the group sticky bit...

JD
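
An added example, not part of either message above: owner and ACL entries belong to the inode, so a target that is rewritten in place keeps them, while a target that is moved aside (as cp --backup does) and recreated comes back owned by the copying user. The helper names deploy_in_place and inode_of and the sample tree built in demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); helper names are hypothetical.

# Print the inode number of a file without relying on GNU stat.
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# deploy_in_place SRC_DIR DST_DIR
# Copy every regular file under SRC_DIR to the same relative path in DST_DIR.
deploy_in_place() {
    src_dir=$1; dst_dir=$2; rc=0
    stamp=$(date +%F_%T)
    list=$(mktemp) || return 1
    (cd "$src_dir" && find . -type f) > "$list"
    while IFS= read -r rel; do
        src="$src_dir/$rel"; dst="$dst_dir/$rel"
        if [ -f "$dst" ]; then
            # Unchanged file: leave it alone, no backup needed.
            if cmp -s "$src" "$dst"; then continue; fi
            # The backup is a new file owned by the caller; the live file
            # is never renamed or unlinked.
            # Truncate and rewrite the existing inode: its owner, group
            # and ACL entries are untouched.
            cp "$dst" "$dst.$stamp" && cat "$src" > "$dst" || rc=1
        else
            # New file: it is owned by the caller. What it inherits is set
            # on the directory (default ACL via setfacl -d, or setgid bit).
            mkdir -p "$(dirname "$dst")" && cp "$src" "$dst" || rc=1
        fi
    done < "$list"
    rm -f "$list"
    return "$rc"
}

# Constructed sample tree, built in a temporary directory.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/src/conf.d" "$t/dst/conf.d"
    echo "Listen 8080" > "$t/src/conf.d/site.conf"
    echo "Listen 80" > "$t/dst/conf.d/site.conf"
    echo "inode before: $(inode_of "$t/dst/conf.d/site.conf")"
    deploy_in_place "$t/src" "$t/dst"
    echo "inode after:  $(inode_of "$t/dst/conf.d/site.conf")"
    rm -rf "$t"
}
demo
```

On a real system, getfacl on a target before and after the run shows the same entries, because the file was never replaced.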