feature request: "remote user is root, make remote owner is foo"

Steve Polyack korvus at comcast.net
Wed Aug 11 13:28:33 MDT 2010


On 08/11/10 13:18, travis+ml-rsync at subspacefield.org wrote:
> I often push files from my user account over SSH to my web server, and
> want them owned by www-user, which may not have a login shell, should
> never accept remote logins, and who may not have a ~/.ssh directory
> (and if it did, it would be under the wwwroot, ack!).
This is off-topic, but I don't see a reason for having the files owned 
by the www user.  If anything, they should only be in the www group and 
only group-readable.  That is, unless you really want the www user to be 
able to write to your files.  Think about a vulnerability (in apache, 
for instance) which would give someone the ability to act as the www 
user.  They would then be able to change all of your site content.

There's an approach that's even tighter than this that requires ACLs.
> Currently I push as root and then do a chmod, but isn't there a better
> way?  While I'm doing this, the files are temporarily unavailable, since
> they aren't readable by www-user as they exist on the local system.
I think Brian's solution is ideal.  Use the setgid bit on your web 
directories.

-Steve Polyack
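
The layout recommended in this reply (content in the web server's group, group-readable only, setgid directories, not owned by the web user) can be checked mechanically. The script below is an added example, not part of the original message; the function names and the sample tree are constructed for illustration, and WEB_USER stands for whatever account your server runs as.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a docroot against the layout
# recommended above. Prints one finding per line; no output means clean.
# Usage: audit_docroot DIR [WEB_USER]   (WEB_USER: account name or numeric uid)
audit_docroot() {
    root=$1 web_user=${2:-}
    # Directories lacking setgid: new files would not inherit the web group.
    find "$root" -type d ! -perm -2000 | sed 's/^/no-setgid-dir /'
    # Files the web group cannot read: the server would fail to serve them.
    find "$root" -type f ! -perm -040 | sed 's/^/not-group-readable /'
    # Group-writable entries: a compromised web process could alter content.
    find "$root" ! -type l -perm -020 | sed 's/^/group-writable /'
    # Any access for "other": content should be reachable via the group only.
    find "$root" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) |
        sed 's/^/other-access /'
    # Entries owned by the web server account: it could chmod and rewrite them.
    if [ -n "$web_user" ]; then
        find "$root" -user "$web_user" | sed 's/^/owned-by-web-user /'
    fi
}

# Constructed sample tree: setgid directories (2750) and 640 files.
make_sample_docroot() {
    d=$(mktemp -d) || return 1
    mkdir "$d/css"
    echo '<h1>hi</h1>' > "$d/index.html"
    echo 'body{}' > "$d/css/site.css"
    chmod 2750 "$d" "$d/css"
    chmod 640 "$d/index.html" "$d/css/site.css"
    echo "$d"
}

# Demo on the constructed tree.
docroot=$(make_sample_docroot)
chmod 664 "$docroot/index.html"   # simulate a sloppy upload
audit_docroot "$docroot"          # reports group-writable and other-access
rm -rf "$docroot"
```

On GNU systems a numeric `chmod 750` does not clear an existing setgid bit on a directory, so use `chmod g-s` / `chmod g+s` when toggling it by hand.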