On Fri, 2020-11-27 at 03:39:36 +1030, Dimitri John Ledkov wrote: > On Thu, Nov 26, 2020 at 2:31 AM Alex Murray <alex.mur...@canonical.com> wrote: >> >> setfacl -m u:libvirt-qemu:rx $HOME >> > > Similar to above for qemu are there similar setfacl commands, would > something similar be also needed for: > - sshd user to access ~/.ssh/authorized_keys , or nothing needed > there?
There is nothing needed here, ssh with public key auth works fine with 750 $HOME - sshd runs as root so this is fine > - in GNOME making ~/Public public? Also tested this and is fine - gnome-user-shame spawns apache2 running as the target user to share via webdav so this also works > - giving access to ~/public_html for the www-data user? This also needs the same ACL based approach: setfacl -m u:www-data:rx $HOME > > If yes, then what are the commands? > > I like this approach of selective and explicit setfacl commands to > grant ACLs on per-usecase basis. This is inline with modern ways of > managing permissions. > > -- > Regards, > > Dimitri. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss