Fwd: rsync and unlink permission
jw at pegasys.ws
Mon Oct 28 08:21:02 EST 2002
On Mon, Oct 28, 2002 at 03:12:53PM +0800, Patrick Hsieh wrote:
> Hello list,
> I have an apache documentroot with ownership root.www-data and mode 755
> Now I have a /var/www/index.html and chown'd that file to user "foo". Since
> "foo" has no write permission under /var/www, he cannot rsync from remote
> server to the local filesystem because rsync will try to make temp file and
> unlink the original file before writing over it. Is there any solution to
> this problem?
This depends on OS, filesystem and mount options. I'm
guessing (read the headers) you're running Linux (debian) so
this should work for you just fine. I also assume that
"foo" is a member of the www-data group.
chmod +t,g+ws /var/www
The perms in ls -l should now read "drwxrwsr-t".
At this point foo and other members of the www-data group
can create and delete their own files in /var/www.
You are correct that write permission is needed to create,
rename, and remove links in a directory. Therefore you need
to grant write permission.
The sticky bit on the directory (t) means that only the file
owner can unlink or rename a file therein. The file owner
will still have to have write permission on the directory.
/tmp should always have the sticky bit on.
Setting sgid (the s in "drwxrwsr-t") on the directory will
cause any files and directories created there to have
gid=www-data and the sgid will propagate to the
subdirectories created. This way even if they put a file
there with 640 perms the web server (if in www-data) will
still be able to serve the pages. rsync may override the
mode and group ownership but if you want to grant multiple
people write access sgid helps. A filesystem mounted with
BSD semantics will behave this way even without sgid set.
PS. A web tree doesn't belong in /var. /var is for log
files, caches, and other temporary stuff.
J.W. Schultz Pegasystems Technologies
email address: jw at pegasys.ws
Remember Cernan and Schmitt
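Added example, not part of the original message: a shell sketch that applies the `chmod +t,g+ws` setup from the reply to a scratch directory and checks the resulting mode bits and group inheritance. It assumes GNU `stat` and `chmod` on Linux; the function names and scratch paths are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat and chmod.

# Apply the reply's setup to DIR, starting from the 755 mode in the question.
setup_shared_dir() {
    mkdir -p "$1" && chmod 755 "$1" && chmod +t,g+ws "$1"
}

# Print "ok", or the properties the reply relies on that DIR lacks.
audit_shared_dir() {
    m=$(printf '%04d' "$(stat -c '%a' "$1")")   # e.g. 755 -> 0755, 3775 stays
    special=${m%???}                            # setuid=4, setgid=2, sticky=1
    group=$(printf '%s' "$m" | cut -c3)         # group rwx digit
    missing=""
    [ $((group & 2)) -ne 0 ]   || missing="$missing group-write"
    [ $((special & 2)) -ne 0 ] || missing="$missing setgid"
    [ $((special & 1)) -ne 0 ] || missing="$missing sticky"
    [ -n "$missing" ] && echo "missing:$missing" || echo "ok"
}

# Print "yes" if a file and a subdirectory created in DIR inherit its group
# and the subdirectory inherits setgid, as the reply describes; else "no".
inherits_group() {
    : > "$1/probe.html" && mkdir "$1/probe.d" || return 1
    dgid=$(stat -c '%g' "$1")
    sub=$(printf '%04d' "$(stat -c '%a' "$1/probe.d")")
    if [ "$(stat -c '%g' "$1/probe.html")" = "$dgid" ] &&
       [ "$(stat -c '%g' "$1/probe.d")" = "$dgid" ] &&
       [ $(( ${sub%???} & 2 )) -ne 0 ]; then echo yes; else echo no; fi
}

# Demo in a scratch directory (constructed stand-in for /var/www).
scratch=$(mktemp -d)
mkdir "$scratch/plain" && chmod 755 "$scratch/plain"
echo "755 directory:   $(audit_shared_dir "$scratch/plain")"
setup_shared_dir "$scratch/www"
echo "after chmod:     $(stat -c '%A' "$scratch/www") $(audit_shared_dir "$scratch/www")"
echo "group inherited: $(inherits_group "$scratch/www")"
rm -rf "$scratch"
```

The sticky-bit restriction on unlinking other users' files needs a second account to observe, so the sketch only checks that the bit is present.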