On 11/10/22 22:40, hede wrote:
On 11.10.2022 10:03 Richard Hector wrote:
[...]
Then for site developers (who might be contractors to my client) to be
able to update the site, they need read/write access to the docroot,
but I don't want them all logging in using the same
account/credentials.
[...]
Does that sound like a sane plan? Are there gotchas I haven't spotted?
I think I'm not able to assess the bind-mount question, but...
Isn't that a use case for ACLs? (incl. default ACLs for the webservers
user here?)
Yes, probably. However, I looked at ACLs earlier (months ago at least),
and they did my head in ...
Files will then still be owned by the user who created them. But your
default-user has all (predefined) rights on them.
Having them owned by the user that created them is good for
accountability, but bad for glancing at ls output to see if everything
looks right.
I'd probably prefer that because - by instinct - I have a bad feeling
regarding security if one user can slip/foist(?) a file to be "created"
by some other user. But that's only a feeling without knowing all the
circumstances.
They can only have it owned by one specific user, but I acknowledge
possible issues there.
And this way it's always clear which users have access by looking at the
ACLs while elsewhere defined bind mount commands are (maybe) less
transparent. And you always know who created them, if something goes
wrong, for example.
Nothing is clear to me when I look at ACLs :-) I do have the output of
'last' (for a while) to see who is likely to have created them.
On the other hand, if you know of a good resource for better
understanding ACLs, preferably with examples that are similar to my use
case, I'd love to see it :-)
?) I'm not native English and slip or foist are maybe the wrong terms /
wrongly translated. The context is that one user creates files and the
system marks them as "created by" some other user.
Seems fine to me :-) But they're owned by the other user; I wouldn't
assume that that user created them. Especially when that user isn't
directly a person.
Thanks,
Richard
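The following is an added example, not part of the thread and not code from either participant, showing the ACL layout hede describes for Richard's use case: several developers with read/write access to a docroot, files still owned by whoever created them, and a default ACL that gives the web-server user read-only access to anything created later. It assumes a Linux host with the acl package (setfacl/getfacl) on an ACL-capable filesystem; the group name "webdevs", the user "www-data" and the path /var/www/example are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): ACLs for a shared docroot where
# developers (members of one group) write and the web server only reads.
# Assumptions: Linux with the acl package and an ACL-capable filesystem.
# "webdevs" and "www-data" below are placeholder names.
set -eu

# Give members of $devgroup read/write on the whole tree, the web-server
# user $webuser read-only, and make both stick to new files via default
# ACLs on every directory.  Ownership stays with whoever creates a file.
apply_docroot_acls() {
    dir=$1 devgroup=$2 webuser=$3
    # Access ACLs on the existing tree.  Capital X means "execute only if
    # this is a directory (or the file is already executable)", so plain
    # files are not made executable.
    setfacl -R -m "g:${devgroup}:rwX,u:${webuser}:rX" "$dir"
    # Default ACLs (d:) only exist on directories; they are copied into
    # every file and subdirectory created there afterwards.
    find "$dir" -type d -exec setfacl -m "d:g:${devgroup}:rwX,d:u:${webuser}:rX" {} +
}

# Print the ACL of one path without the "# file:" header.  The
# "#effective:" column is what actually applies after the mask.
show_acl() {
    getfacl -p --omit-header "$1"
}

# Simulate a developer creating a file and check that it inherited the
# expected entries.  Returns 0 if the layout holds, 1 otherwise.
check_inherited_acl() {
    dir=$1 devgroup=$2 webuser=$3
    f="$dir/created-by-developer.html"
    : > "$f"            # new file, mode 0644 under the usual umask
    acl=$(show_acl "$f")
    ok=0
    # Developers: the entry reads rwx but the mask derived from mode 0644
    # trims it to rw-.  Web server: read.  Others: unchanged read-only.
    printf '%s\n' "$acl" | grep -q "^group:${devgroup}:rw" || ok=1
    printf '%s\n' "$acl" | grep -q "^user:${webuser}:r"    || ok=1
    printf '%s\n' "$acl" | grep -q '^other::r--'           || ok=1
    rm -f "$f"
    return $ok
}

# Usage: sh acl-docroot.sh /var/www/example webdevs www-data
if [ "$#" -eq 3 ]; then
    apply_docroot_acls "$1" "$2" "$3"
    check_inherited_acl "$1" "$2" "$3" && echo "ACL layout verified on $1"
    show_acl "$1"
fi
```

Two caveats worth knowing before relying on this: a default ACL is inherited only from the directory a file is created in, so the `find` step has to be re-run (or the setfacl applied) for directories that arrive by other means such as an archive extracted with preserved ACLs, and `mv` from outside the tree keeps the file's old ACL while `cp` and editors that write a fresh file pick up the defaults.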