From: Nikos Chantziaras
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: Allow non root users to edit files owned by root?
Date: Thu, 22 Dec 2011 21:42:56 +0200

> If you need to allow just one single user to access just one single
> directory, you are better off with using POSIX ACLs (NOT regular
> owner, group and perms - that almost never works out right for www data)

Depends. On a multi-user server I maintain, where every user has a ~/public_html/ directory, I let apache run PHP scripts with suphp (www-apache/mod_suphp) so that files are not written with "www-data" or "apache" permissions, but fully belong to the users, like every other file they own. This means there's no need for ACLs or any other kind of permission setup.
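
An added example, not part of the original message: a check an administrator of such a server could run to confirm that everything under a user's public_html really belongs to that user and is not writable by group or others. The function name `audit_public_html` and the sample tree are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile


def audit_public_html(root, owner_uid):
    """Return sorted (relative_path, problem) pairs for entries under root
    that are not owned by owner_uid or are writable by group or others."""
    findings = []
    # os.walk does not descend into symlinked directories by default
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge a symlink itself, not its target
            rel = os.path.relpath(path, root)
            if st.st_uid != owner_uid:
                # e.g. a file written by the web server account, not the user
                findings.append((rel, "foreign-owner"))
            # mode bits on a symlink are meaningless, so skip them there
            if not stat.S_ISLNK(st.st_mode) and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((rel, "group-or-world-writable"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree standing in for one user's ~/public_html
    root = tempfile.mkdtemp(prefix="public_html_")
    os.mkdir(os.path.join(root, "blog"))
    os.chmod(os.path.join(root, "blog"), 0o755)
    for rel, mode in (("index.php", 0o644), ("blog/upload.php", 0o666)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)
    for rel, problem in audit_public_html(root, os.getuid()):
        print(f"{problem}: {rel}")
```

On a real server the expected UID would come from the account that owns the home directory, for example via `pwd.getpwnam(user).pw_uid`.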