acl sticky bit
Stuart Jansen
sjansen at buscaluz.org
Wed Jan 7 12:54:34 MST 2009
On Wed, 2009-01-07 at 12:37 -0700, Kyle Waters wrote:
> I have a web application that I want to restrict access to on the
> server. There are a couple of devs that need to have write access and
> we have an already established group for that. So all the files belong
> to that group and the sticky bit is set. I removed all access to the
> files by world and then set an acl to allow apache to read the file.
> The problem is that a lot of text editors copy the old file as a back up
> and then write out the file as new when they save. That means I lose
> all of my acls since the sticky bit doesn't apply. I know I can add
> apache to the group, but that weakens security. Is there a better
> solution that I'm not aware of (besides switching text editors)?

Step one: File a bug report. Every decent text editor should know how to
preserve all Unix permissions, ACLs and extended attributes (think:
SELinux).

Just to be clear, when you say sticky bit, you mean "chmod +t" right? I
don't see what preventing non-owners from deleting the file has to do
with allowing Apache access to the file.

Would either making the directory setgid (chmod g+s), or setting default
ACLs (setfacl -m d:...) on the directory meet your needs?

--
When you tell me I should give proprietary software a fair technical
evaluation because its features are so nice, what you are actually doing
is saying "Look at the shine on those manacles!" to someone who
remembers feeling like a slave. -- Eric S. Raymond
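
The two suggestions in the reply above (setgid directory, default ACL), as an added example that is not part of the original thread: it runs the same backup-then-rewrite save in a directory with only a per-file ACL and in one with a default ACL, and reports whether the web user's read entry survives. The user name `apache`, the temporary paths, the file name and all function names are assumptions.

```shell
#!/bin/sh
# Added example. WEB_USER (default "apache"), temp paths and file names are assumptions.

# harden_dir DIR WEB_USER: setgid + no world access, then let WEB_USER traverse
# the directory (access ACL) and read anything created in it later (default ACL).
harden_dir() {
    chmod 2770 "$1" &&
    setfacl -m "u:$2:r-x" "$1" &&
    setfacl -m "d:u:$2:r-x" "$1"
}

# editor_save FILE: imitate an editor that moves the original to a backup and
# writes a brand-new file (new inode, so the old file's ACL is not carried over).
editor_save() {
    mv "$1" "$1~" && printf 'new contents\n' > "$1"
}

# web_can_read FILE WEB_USER: succeed if FILE has a named-user ACL entry granting read.
web_can_read() {
    uid=$(id -u "$2" 2>/dev/null) || uid=$2   # accept a name or a numeric uid
    getfacl -n -c "$1" 2>/dev/null | grep -q "^user:$uid:r"
}

# demo WEB_USER: same save in a plain directory (per-file ACL only) and a hardened one.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/plain" "$root/hardened"
    harden_dir "$root/hardened" "$1" || return 1
    for d in plain hardened; do
        echo old > "$root/$d/index.php"
        setfacl -m "u:$1:r" "$root/$d/index.php" || return 1
        editor_save "$root/$d/index.php"
        if web_can_read "$root/$d/index.php" "$1"; then
            echo "$d: web user can still read the saved file"
        else
            echo "$d: ACL lost on save"
        fi
    done
    rm -rf "$root"
}

demo "${1:-apache}" || echo "setfacl failed: no ACL tools, no ACL support here, or no such user" >&2
```

Files created in the hardened directory inherit the `r-x` entry, but the file's mask limits the effective permission to read-only for ordinary (non-executable) files, and `other` stays at no access.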