How to assign proper permissions to both the web server and svn?

I have a problem with file ownership in unix.

I have a Drupal site, and the "files" folder needs to be owned by "www-data" in order to allow users to upload files with PHP.

However, I'm now also using svn, and I need all folders and files to be owned by "svnuser" in order for it to work.

So now I assume I need to add both users to a group with the correct permissions. I'm not sure exactly what to do; could you tell me the specific steps required?

Many thanks.

2019-05-13 05:21:02
Answers: 1

The easiest way to handle this is with access control lists. They allow permissions to be set for as many users and groups as you want, not just one user and one group like the basic unix permissions.

ACLs need to be enabled on the filesystem. With ext[234] or reiserfs, you need to pass the acl mount option. Also make sure you have the ACL utilities installed (the acl package on Debian or Ubuntu).

Set an ACL that allows both users to access the files, and set a matching default ACL on directories (the default ACL is inherited by files created in the directory).

setfacl -m user:www-data:rwx -m user:svnuser:rwx -R /path/to/directory/tree
setfacl -d -m user:www-data:rwx -m user:svnuser:rwx -R /path/to/directory/tree

You can set different permissions if you like. The executable bit will be ignored if the file is not made executable through the non-ACL permissions (the ones you set with chmod).

The commands given are for Linux. Many other unix variants support ACLs, but the exact set of available permissions and the utility to set them are not standardized.

You can use groups to control access if you want. Even if you do, ACLs have the advantage that you won't run into a umask issue: if you just create a group, you have to ensure that all files and directories are group-writable, which means you have to make sure any process creating a file has a umask of 002 or 007, which in turn may cause permissions elsewhere to be more liberal. So even if you create a group, ACLs are useful.

setfacl -m group:mygroup:rwx -R /path/to/directory/tree
setfacl -d -m group:mygroup:rwx -R /path/to/directory/tree

Note that I make no warranty as to the suitability of this security model for your use case. I'm just giving an implementation.

2019-05-17 18:03:45
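
The two behaviours the answer describes (an inherited default ACL sidestepping the umask, and the execute bit depending on chmod) can be checked with a small model. This is an added example, not part of the original answer: it models the rules in acl(5) and umask(2) rather than calling setfacl, and the 0755 directory mode and the sample modes are assumptions.

```python
# Added example: models the Linux POSIX ACL rules from acl(5) and umask(2).
# It never calls setfacl; every ACL value below is constructed for illustration.
R, W, X = 4, 2, 1

# Assumed default ACL left on a 0755 directory by the answer's `setfacl -d` command.
DEFAULT_ACL = {"user::": 7, "user:www-data": 7, "user:svnuser": 7,
               "group::": 5, "mask::": 7, "other::": 5}

def fmt(perms):
    """Render a 3-bit permission value as rwx text."""
    return "".join(c if perms & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

def create(mode, umask, default_acl=None):
    """Access ACL of a new file or directory created with the given mode."""
    if default_acl is None:
        # No default ACL on the parent: the umask filters the requested mode.
        m = mode & ~umask
        return {"user::": m >> 6 & 7, "group::": m >> 3 & 7, "other::": m & 7}
    # Default ACL on the parent: the umask is ignored. Entries are inherited,
    # then owner, mask and other are limited to the bits the creator asked for.
    acl = dict(default_acl)
    acl["user::"] &= mode >> 6 & 7
    acl["mask::"] &= mode >> 3 & 7
    acl["other::"] &= mode & 7
    return acl

def chmod(acl, mode):
    """chmod on a file with an ACL: the group bits rewrite the mask entry."""
    new = {**acl, "user::": mode >> 6 & 7, "other::": mode & 7}
    new["mask::" if "mask::" in acl else "group::"] = mode >> 3 & 7
    return new

def effective(acl, entry):
    """Rights an entry really grants; all but user:: and other:: are masked."""
    perms = acl.get(entry, 0)
    if entry in ("user::", "other::"):
        return perms
    return perms & acl.get("mask::", 7)

if __name__ == "__main__":
    upload = create(0o666, 0o022, DEFAULT_ACL)   # e.g. a PHP upload
    print("ACL tree, www-data:", fmt(effective(upload, "user:www-data")))
    print("group only, umask 022:", fmt(effective(create(0o666, 0o022), "group::")))
    print("group only, umask 002:", fmt(effective(create(0o666, 0o002), "group::")))
    script = chmod(upload, 0o775)                # chmod makes it executable
    print("after chmod 775, svnuser:", fmt(effective(script, "user:svnuser")))
```

On a real tree, `getfacl` shows the same thing as an `#effective:` comment next to any entry the mask has reduced.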