Hi
I am trying to get a non-privileged user to update config files for apache httpd and have attempted the following:
I have set the following permissions:
setfacl -m user:deployer:--x /etc/httpd
setfacl -R -m u:deployer:rwx,o::--- /etc/httpd/conf.d
setfacl -R -m u:deployer:rwx,o::--- /etc/httpd/conf
I then have a script that is run as the deployer user to check out config files from svn and copy them to the /etc/httpd directory in the following way:
cd /tmp/versioned-config; cp -Rfp --backup --suffix=.$(date +%F_%T) apache/etc/ /
However, when I do that the ownership of the config files changes to deployer.deployer and it loses the special permissions...
How can I prevent changing of ownership? The setfacl man page suggests the use of the -p flag to preserve permissions. Should I be using ACLs? Is there a better way of doing this?
The --backup flag also complicates matters and I am considering getting rid of it.
Regards
From: "Gerhardus.Geldenhuis@gta-travel.com" Gerhardus.Geldenhuis@gta-travel.com
I then have a script that is run as the deployer user to check out config files from svn and copy them to the /etc/httpd directory in the following way:
cd /tmp/versioned-config; cp -Rfp --backup --suffix=.$(date +%F_%T) apache/etc/ /
However, when I do that the ownership of the config files changes to deployer.deployer and it loses the special permissions...
I don't think that would be possible/secure... That would mean that the user 'deployer' could "create" files owned by someone else... Maybe try with something like the group sticky bit...
JD
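
Added example, not part of the thread: cp --backup renames the existing file aside and creates a new one, and a new file belongs to whoever created it. The sketch below instead rewrites existing files in place (same inode, so owner, mode and ACL stay) and takes its backup as a separate copy; the function names and the tree layout are assumptions.

```shell
#!/bin/sh
# Added example: in-place config deployment for an unprivileged user.
# Assumes the user already has write access to the existing files
# (for instance through the ACL entries set with setfacl in the thread).

# Print the inode number of a path (used to show the file was not replaced).
inode_of() { ls -di -- "$1" | awk '{print $1}'; }

# deploy_tree SRC_DIR DEST_DIR
# For each regular file under SRC_DIR, write its content to the same relative
# path under DEST_DIR. Existing files are truncated and rewritten, never
# unlinked or renamed, so ownership and permissions are left alone.
# File names containing newlines are not supported.
deploy_tree() (
    src=$1
    dest=$2
    stamp=$(date +%F_%T)
    (cd "$src" && find . -type f) |
    while IFS= read -r rel; do
        rel=${rel#./}
        target="$dest/$rel"
        # Never write through a symlink that sits where a config file should be.
        if [ -L "$target" ]; then
            echo "skipping symlink: $target" >&2
            continue
        fi
        mkdir -p -- "$(dirname -- "$target")"
        if [ -f "$target" ]; then
            # Nothing to do when the content is already identical.
            cmp -s -- "$src/$rel" "$target" && continue
            # The backup is a new file (owned by the caller); the original stays.
            cp -- "$target" "$target.$stamp"
        fi
        # Redirection opens the existing file for writing: same inode,
        # same owner, same mode, same ACL.
        cat -- "$src/$rel" > "$target"
    done
)
```

Files that do not exist yet under the destination are still created as the user running the script, with that user's ownership.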