Fwd: rsync and unlink permission

jw schultz jw at pegasys.ws
Mon Oct 28 08:21:02 EST 2002


On Mon, Oct 28, 2002 at 03:12:53PM +0800, Patrick Hsieh wrote:
> 
> Hello list,
> 
> I have an apache documentroot with ownership root.www-data and mode 755
> Now I have a /var/www/index.html and chown'd that file to user "foo". Since
> "foo" has no write permission under /var/www, he cannot rsync from remote
> server to the local filesystem because rsync will try to make temp file and
> unlink the original file before writing over it. Is there any solution to
> this problem?

This depends on OS, filesystem and mount options.  I'm
guessing (read the headers) you're running Linux (debian) so
this should work for you just fine.  I also assume that
"foo" is a member of the www-data group.

chmod +t,g+ws /var/www

The perms in ls -l should now read "drwxrwsr-t".
At this point foo and other members of the www-data group
can create and delete their own files in /var/www.

You are correct that write permission is needed to create,
rename, and remove links in a directory.  Therefore you need
to grant write permission.

The sticky bit on the directory (t) means that only the file
owner can unlink or rename a file therein.  The file owner
will still have to have write permission on the directory.
/tmp should always have the sticky bit on.

Setting sgid (the s in "drwxrwsr-t") on the directory will
cause any files and directories created there to have
gid=www-data and the sgid will propagate to the
subdirectories created.  This way even if they put a file
there with 640 perms the web server (if in www-data) will
still be able to serve the pages.  rsync may override the
mode and group ownership but if you want to grant multiple
people write access sgid helps.  A filesystem mounted with
BSD semantics will behave this way even without sgid set.

PS.  A web tree doesn't belong in /var.  /var is for log
files, caches, and other temporary stuff.


-- 
________________________________________________________________
	J.W. Schultz            Pegasystems Technologies
	email address:		jw at pegasys.ws

		Remember Cernan and Schmitt
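
The following is an added example, not part of the original message: a small audit that checks whether a shared directory has the group-write, sticky and sgid bits the reply describes. The function names `dir_mode` and `audit_shared_dir` and the temporary directory are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: audit a shared directory for the sticky + sgid setup
# described in the reply. The directory used is a constructed temp dir.

# Print the 10-character mode string of a directory, e.g. "drwxrwsr-t".
dir_mode() {
    [ -d "$1" ] || return 1
    ls -ld "$1" | cut -c1-10
}

# Classify a directory:
#   not-group-writable  group members cannot create or unlink entries
#   missing-sticky      group-writable, any member can unlink others' files
#   missing-sgid        sticky set, but new files keep the creator's group
#   ok                  group-writable, sticky and sgid all set
audit_shared_dir() {
    mode=$(dir_mode "$1") || return 1
    gw=$(printf '%s' "$mode" | cut -c6)    # group write position
    gx=$(printf '%s' "$mode" | cut -c7)    # group execute / sgid position
    ox=$(printf '%s' "$mode" | cut -c10)   # other execute / sticky position
    [ "$gw" = "w" ] || { echo "not-group-writable"; return 0; }
    case "$ox" in t|T) ;; *) echo "missing-sticky"; return 0 ;; esac
    case "$gx" in s|S) ;; *) echo "missing-sgid"; return 0 ;; esac
    echo "ok"
}

# Constructed demo directory standing in for the web root.
demo_dir=$(mktemp -d)
chmod 755 "$demo_dir"
before=$(audit_shared_dir "$demo_dir")
chmod g+w "$demo_dir"                  # writable by group, no sticky bit yet
loose=$(audit_shared_dir "$demo_dir")
chmod +t,g+ws "$demo_dir"              # the command from the reply
after=$(audit_shared_dir "$demo_dir")
after_mode=$(dir_mode "$demo_dir")
echo "755: $before; 775: $loose; after chmod +t,g+ws: $after ($after_mode)"
rm -rf "$demo_dir"
```

The `missing-sticky` state is the one to watch for on a multi-user web root: every member of the group can rename or unlink files owned by the others.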


