[CentOS] Best pratice for this scenario

Tue Jan 10 17:32:19 UTC 2006
Joshua Baker-LePain <jlb17 at duke.edu>

On Tue, 10 Jan 2006 at 5:28pm, RNuno wrote

> All users of the devgroup should change/delete/create files
>
> So if I have a file owned userA:devgroup and so on since every dev
> belongs to
> the devgroup this will work fine but then I have to put the user apache
> on the mix, right?
>
> Some sites have to write files so in that case I have a problem because
> i will
> have a file owned userA:devgroup and for apache write it I have to make
> it world write.
>
> My english is a lilte lame I dunno if I explain myself correctly here,
> but how do you
> manage this types of permissions?

Read up on ACLs and default ACLs -- 'man setfacl' is a good starting 
point.  ext3 supports ACLs if you mount with the 'acl' option.

If you go this route, you want to make sure your backups get the ACLs. 
Only the most recent version of dump backs up ACLs, and tar does not.

-- 
Joshua Baker-LePain
Department of Biomedical Engineering
Duke University