On 08/11/10 13:18, travis+ml-rs...@subspacefield.org wrote:
I often push files from my user account over SSH to my web server, and
want them owned by www-user, which may not have a login shell, should
never accept remote logins, and who may not have a ~/.ssh directory
(and if it did, it would be under the wwwroot, ack!).
This is off-topic, but I don't see a reason for having the files owned
by the www user. If anything, they should only be in the www group and
only group-readable. That is, unless you really want the www user to be
able to write to your files. Think about a vulnerability (in apache,
for instance) which would give someone the ability to act as the www
user. They would then be able to change all of your site content.
There's an approach that's even tighter than this that requires ACLs.
Currently I push as root and then do a chmod, but isn't there a better
way? While I'm doing this, the files are temporarily unavailable, since
they aren't readable by www-user as they exist on the local system.
I think Brian's solution is ideal. Use the setgid bit on your web
directories.
-Steve Polyack
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
