On Wed, 2009-01-07 at 12:37 -0700, Kyle Waters wrote:
> I have a web application that I want to restrict access to on the
> server. There are a couple of devs that need to have write access and
> we have an already established group for that. So all the files belong
> to that group and the sticky bit is set. I removed all access to the
> files by world and then set an acl to allow apache to read the file.
> The problem is that a lot of text editors copy the old file as a back up
> and then write out the file as new when they save. That means I lose
> all of my acls since the sticky bit doesn't apply. I know I can add
> apache to the group, but that weakens security. Is there a better
> solution that I'm not aware of (besides switching text editors)?

Step one: File a bug report. Every decent text editor should know how to
preserve all Unix permissions, ACLs and extended attributes (think:
SELinux).

Just to be clear, when you say sticky bit, you mean "chmod +t" right? I
don't see what preventing non-owners from deleting the file has to do
with allowing Apache access to the file.

Would either making the directory setgid (chmod g+s), or setting default
ACLs (setfacl -m d:...) on the directory meet your needs?

--
When you tell me I should give proprietary software a fair technical
evaluation because its features are so nice, what you are actually doing
is saying "Look at the shine on those manacles!" to someone who
remembers feeling like a slave. -- Eric S. Raymond
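
The two directory-level suggestions from the reply above, written out as an added example that is not part of the original message: a setgid directory plus a default ACL, checked against an editor that saves by writing a brand-new file. The function names, the `index.php` file name and the web server user passed in are assumptions; the ACL functions need the `acl` tools and a filesystem with POSIX ACL support.

```shell
#!/bin/sh
# Added example. All names here are hypothetical; pass your own directory
# and the account the web server runs as (it must exist on the system).

# Apply both suggestions: setgid so new files keep the directory's group,
# and a default ACL so new files get a read entry for the web server user
# without that user joining the developers' group.
harden_dir() {  # usage: harden_dir DIR WEBUSER
    chmod 2770 "$1" &&
    setfacl -m "u:$2:rX,d:u:$2:rX" "$1"
}

# Return 0 if DIR is a directory with the setgid bit set.
has_setgid() {  # usage: has_setgid DIR
    [ -d "$1" ] && [ -g "$1" ]
}

# Simulate the save strategy from the question: move the old file aside
# as a backup, then write the content out as a new file (new inode, so
# ACLs set on the old file itself do not carry over).
editor_save() {  # usage: editor_save FILE CONTENT
    if [ -e "$1" ]; then
        mv "$1" "$1~" || return 1
    fi
    printf '%s\n' "$2" > "$1"
}

# Return 0 if FILE carries a named-user ACL entry granting WEBUSER read.
acl_has_user_read() {  # usage: acl_has_user_read FILE WEBUSER
    getfacl -p "$1" 2>/dev/null | grep -q "^user:$2:r"
}

# End-to-end check: after an editor-style save, the new file should still
# have the web server's read entry, inherited from the directory default.
demo() {  # usage: demo DIR WEBUSER
    harden_dir "$1" "$2" || return 1
    printf 'v1\n' > "$1/index.php"
    editor_save "$1/index.php" 'v2' || return 1
    has_setgid "$1" && acl_has_user_read "$1/index.php" "$2" &&
        echo "saved file is still readable by $2 via the inherited ACL"
}
```

Default ACL entries only apply to files created after they are set, so files already in the directory need their own `setfacl -m u:WEBUSER:r` once.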
