On Tue, Dec 30, 2003 at 05:27:43PM +0000, Colin Watson wrote:
> On Tue, Dec 30, 2003 at 11:43:44AM -0500, Stephen Touset wrote:
> > I'm trying to set up a website on a Debian server in which anyone in one
> > group (www-data) can modify all files under /var/www,
>
> Don't use www-data for this. From
> /usr/share/doc/base-passwd/users-and-groups.txt.gz:
>
>   Some web servers run as www-data. Web content should not be owned by
>   this user, or a compromised web server would be able to rewrite a
>   web site. Data written out by web servers, including log files, will
>   be owned by www-data.
>
> > but anyone in another specified group (management) can only modify
> > /var/www/updates and /var/www/files.
> >
> > My idea is to create the management group, which will possess read-write
> > capabilities on /var/www/files and /var/www/updates. The most intuitive way
> > to proceed from here would be to specify that www-data "contains" the
> > management group. Thus, anyone of group www-data is also automatically of
> > group management, but anyone in group management is not automatically in
> > www-data. However, I'm not sure if it's possible to specify group
> > inheritances in /etc/groups. Is it possible?
>
> That's not possible in the Unix model of groups, I'm afraid.
>
> > Will I just have to manually add the certain users to www-data and
> > management? Or is there another way.
>
> I think I'd be inclined to hack adduser to automatically add users to
> the content group when you add them to management. Would that work for
> you?
>
> Cheers,
>
> --
> Colin Watson [EMAIL PROTECTED]

Where can I find detailed information about groups, i.e., how to create them, their usage, etc.? The document pointed at by Colin Watson is great, but too short. Any pointers?

Thanks
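
The base-passwd text quoted in this thread says web content should not be owned by the account the web server runs as. The following is an added example, not part of the original messages: a shell check that lists anything under a web root that the server account could rewrite. The function name `audit_webroot` and the finding labels are hypothetical; the root, user and group are passed as arguments (for the setup discussed here, `/var/www`, `www-data`, `www-data`).

```shell
#!/bin/sh
# Added example (not from the thread): report content under a web root that
# the web server account could modify if the server were compromised.
#
# Usage: audit_webroot ROOT SERVER_USER SERVER_GROUP
#   e.g. audit_webroot /var/www www-data www-data
# Prints one "<reason> <path>" line per finding.
# Returns 0 if the tree is clean, 1 if anything was reported.
audit_webroot() {
    root=$1
    srv_user=$2     # name or numeric uid of the server account
    srv_group=$3    # name or numeric gid of the server's group

    findings=$(
        # 1. Owned by the server account itself: the owner can always
        #    chmod the file back to writable, so ownership alone is enough.
        find "$root" -user "$srv_user" -print |
            sed 's/^/owned-by-server-user /'

        # 2. Group-owned by the server's group and group-writable.
        #    Symlinks are skipped: their mode bits are always 777.
        find "$root" -group "$srv_group" -perm -020 ! -type l -print |
            sed 's/^/group-writable-by-server /'

        # 3. World-writable: writable by every account, the server included.
        find "$root" -perm -002 ! -type l -print |
            sed 's/^/world-writable /'
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Directories that the server legitimately writes to (upload or cache directories, log files) will show up as findings and need to be reviewed rather than treated as errors.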