Re: Grouping groups

• Previous message: Josh Robinson: "Re: Upgrading from stable to testing with apt-get?"
• In reply to: Stephen Touset: "Grouping groups"
• Next in thread: DGLU TR: "Re: Grouping groups"
• Reply: DGLU TR: "Re: Grouping groups"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 30 Dec 2003 17:27:43 +0000
To: debian-user@lists.debian.org

On Tue, Dec 30, 2003 at 11:43:44AM -0500, Stephen Touset wrote:
> I'm trying to set up a website on a Debian server in which anyone in one
> group (www-data) can modify all files under /var/www,

Don't use www-data for this. From
/usr/share/doc/base-passwd/users-and-groups.txt.gz:

    Some web servers run as www-data. Web content should not be owned by
    this user, or a compromised web server would be able to rewrite a
    web site. Data written out by web servers, including log files, will
    be owned by www-data.

> but anyone in another specified group (management) can only modify
> /var/www/updates and /var/www/files.
>
> My idea is to create the management group, which will possess read-write
> capabilities on /var/www/files and /var/www/updates. The most intuitive way
> to proceed from here would be to specify that www-data "contains" the
> management group. Thus, anyone of group www-data is also automatically of
> group management, but anyone in group management is not automatically in
> www-data. However, I'm not sure if it's possible to specify group
> inheritances in /etc/groups. Is it possible?

That's not possible in the Unix model of groups, I'm afraid.

> Will I just have to manually add the certain users to www-data and
> management? Or is there another way.

I think I'd be inclined to hack adduser to automatically add users to
the content group when you add them to management. Would that work for
you?

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

• Previous message: Josh Robinson: "Re: Upgrading from stable to testing with apt-get?"
• In reply to: Stephen Touset: "Grouping groups"
• Next in thread: DGLU TR: "Re: Grouping groups"
• Reply: DGLU TR: "Re: Grouping groups"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages eGroupWare (was Re: [opensuse] wheres novell? (bit of a rant)) ... For server end Synchronisation there is also Funambol/Sync4j ... Project management, knowledge base, wiki, accounting, ... from my experience of using egw on a kind of extended trial... ... this is something I believe Funambol does better. ... (SuSE) Managing our complete company using Microsoft products ... Directory, Mail Server, File Server and Print Server. ... Directory and network, while the other one has 6 peer-to-peer Windows 2000 ... We do not have a system administrator, and we do not have the resources or ... who wrote this are doing all of their project management and enterprise ... (microsoft.public.project) Managing our complete company using Microsoft products ... Directory, Mail Server, File Server and Print Server. ... Directory and network, while the other one has 6 peer-to-peer Windows 2000 ... We do not have a system administrator, and we do not have the resources or ... who wrote this are doing all of their project management and enterprise ... (microsoft.public.office.misc) Re: Leveling by ID vs. "Standard" ... of this trade called Project Management. ... a database for the "Project Tables," ... to write reports on data from the server database. ... product supporting queries created with SQL. ... (microsoft.public.project) Re: Package Cannot Be Located ... There was any entry in the System Management ... container for the old server. ... "Bernie Kilshaw" wrote: ... I'd then install a new client and check that it picked up the new MP data. ... (microsoft.public.sms.misc)