0

This may be an odd question but: Is there any way of adding read, write and execute permissions for specific users and/or groups, for a few files, without changing the listed owner/group permissions?

I'm running on Ubuntu 10.10, using bash to install a group of programs. These include Apache2, PHP5. The agent doing the initial installation is root. The agent which ships the code onto the machine is non-root (let's call it "cap"). Root has access of course to /var, /etc and so on. Cap does not. However, Cap is the one which needs to start up and shut down Apache, place the web application in /var/www, and so on.

Ops are wary of changing group permissions using chmod or chown. E.g. they do not want to see the example below:

-rw-r--r-- 1 root root 3784 2013-03-29 15:45 file

Changing to:

-rw-r--r-- 1 cap non-root 3784 2013-03-29 15:45 file

The only alternative I can see is ACL, which seems to have finer-grained control of who is allowed to rwx which files. But it seems to need you to remount the partition, which ops will disapprove of.

Can this be achieved?

4

1 Answer

2

I think ACL is your only option. What type of mount is the volume on? I am pretty sure it is enabled by default if it is not NFS. What is the output of getfacl /path/to/file?

Also, if/when you do set an ACL, you may also want to create a soft link to the file/folder if it is contained within a hierarchy that the user or group will not have read/execute permissions on for normal directory traversal.

Answered 2013-03-30T03:07:54.070
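
The ACL approach from the answer above, as an added example that is not part of the original posts: it grants one user rwx through a POSIX ACL entry, confirms the listed owner and group did not change, and reports separately when the tools are missing or the filesystem refuses ACLs. It assumes Linux with GNU stat and the acl tools; the function names are hypothetical and the current uid stands in for "cap".

```shell
#!/bin/sh
# Added example, not from the original posts. Function names are hypothetical.

# Print "owner:group", the fields ops do not want changed.
owner_group() { stat -c '%U:%G' "$1"; }

# Grant USER (name or numeric uid) PERMS (e.g. rwx) on FILE with a POSIX ACL.
# Returns 0 on success, 2 if setfacl is not installed, 3 if the filesystem
# refuses the ACL (e.g. mounted without ACL support), 1 if ownership changed.
grant_acl() {
    file=$1; user=$2; perms=$3
    command -v setfacl >/dev/null 2>&1 || return 2
    before=$(owner_group "$file")
    setfacl -m "u:${user}:${perms}" "$file" 2>/dev/null || return 3
    [ "$(owner_group "$file")" = "$before" ] || return 1
    return 0
}

# Demo on a constructed temp file; the current uid stands in for "cap".
demo() {
    f=$(mktemp); chmod 644 "$f"
    echo "before: $(stat -c '%A %U %G' "$f")"
    rc=0; grant_acl "$f" "$(id -u)" rwx || rc=$?
    case $rc in
        0) echo "after:  $(stat -c '%A %U %G' "$f")"
           # Owner and group are unchanged, but the group column of the mode
           # now shows the ACL mask (rwx), so ls prints -rw-rwxr--+ here.
           getfacl -c -n "$f" 2>/dev/null || true ;;
        2) echo "setfacl not installed (Ubuntu package: acl)" ;;
        3) echo "filesystem rejected the ACL; check mount options" ;;
    esac
    rm -f "$f"
    return 0
}
demo
```

Run as root against the real file, the call would be `grant_acl /path/to/file cap rwx`. The owner and group names stay as they were, but the group permission column in `ls -l` then shows the ACL mask and a trailing `+`, while `getfacl` still lists the original `group::` entry.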