On Wed, 2009-01-07 at 12:37 -0700, Kyle Waters wrote:
> I have a web application that I want to restrict access to on the
> server. There are a couple of devs that need to have write access and
> we have an already established group for that. So all the files belong
> to that group and the stick bit is set. I removed all access to the
> files by world and then set an acl to allow apache to read the file.
> The problem is that a lot of text editors copy the old file as a back up
> and then write out the file as new when they save. That means I lose
> all of my acls since the stick bit doesn't apply. I know I can add
> apache to the group, but that weakens security. Is there a better
> solution that I'm not aware of (besides switching text editors)?

I knew there was something about your email that bugged me, and it wasn't just that you misspelled sticky.

ACLs are distinct from traditional Unix file permissions. Traditional Unix file permissions are also referred to as a file's mode, hence the "chmod" command. In addition to user/group/other, read/write/execute, a file's mode also includes "special" permissions: setuid, setgid & sticky. Most modern Unix systems also support ACLs, although some require that you manually activate ACL support. ACLs are modified using the "setfacl" command and are much more powerful, but have their own disadvantages.

In other words "I lose all my acls since the stick[y] bit doesn't apply" makes no sense.

I'm too lazy to go into more detail, but you can find good information after spending a little quality time with Google. Just watch out for random forum questions and answers, most have dubious information.

-- 
When you tell me I should give proprietary software a fair technical
evaluation because its features are so nice, what you are actually doing
is saying "Look at the shine on those manacles!" to someone who
remembers feeling like a slave. -- Eric S. Raymond

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
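
The distinction drawn in the reply above, as an added example that is not part of the original thread: the setgid bit lives in the directory's mode, an access ACL lives on one file's inode and is left behind on the backup when an editor writes a replacement, and a default ACL on the directory (`setfacl -d`, which the thread does not mention) is copied onto newly created files. The function names, the `WEB_UID` variable and the `index.php` file are hypothetical; it assumes Linux with the `acl` tools and GNU `stat`.

```shell
#!/bin/sh
# Added example: mode bits (chmod) and ACLs (setfacl) are separate metadata.
# Assumption: WEB_UID stands in for the apache account; defaults to our own uid.
WEB_UID=${WEB_UID:-$(id -u)}

has_acl_tools() {
    command -v setfacl >/dev/null 2>&1 && command -v getfacl >/dev/null 2>&1
}

# Print "yes" if the file has a named-user read entry for WEB_UID, else "no".
has_web_acl() {
    if getfacl -n "$1" 2>/dev/null | grep -q "^user:${WEB_UID}:r"; then
        echo yes
    else
        echo no
    fi
}

# Mimic an editor that keeps the old file as a backup and writes a new one.
editor_save() {
    mv "$1" "$1~" && printf 'edited\n' > "$1"
}

# Prints: <ACL before save> <after save> <after save with default ACL> <dir mode>
acl_demo() {
    d=$(mktemp -d) || return 1
    f="$d/index.php"                       # constructed sample file
    chmod 2770 "$d"                        # setgid: a mode bit on the directory
    printf 'original\n' > "$f" && chmod 660 "$f"
    setfacl -m "u:${WEB_UID}:r" "$f" || { rm -rf "$d"; return 1; }
    before=$(has_web_acl "$f")
    editor_save "$f"                       # new inode: the access ACL stayed on "$f~"
    after_plain=$(has_web_acl "$f")
    setfacl -d -m "u:${WEB_UID}:r" "$d"    # default ACL: inherited by new files
    editor_save "$f"
    after_default=$(has_web_acl "$f")
    dir_mode=$(stat -c %a "$d")            # still 2770; ACL changes left it alone
    rm -rf "$d"
    echo "$before $after_plain $after_default $dir_mode"
}
```

Calling `acl_demo` on a filesystem with ACL support prints `yes no yes 2770`: the entry disappears with the first save and survives the second once the directory carries a default ACL.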
