Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Linux ACLs or a better idea?

   Here's the simple question:  Has anyone worked with the POSIX ACL for
Linux implementation from ?  Is it worthy of a
production machine, or is there a better (easier, more reliable) way to do
what I want to do?

   What I want to do:  This problem seems pretty basic, but I can't think
of a solution built in to Linux as is.
   I have a system running Apache and providing some services to several
users.  Everything Apache does is owned by a user wwwadm and a group
wwwadm, except for the personal web dirs which are owned by
{user}.wwwadm.  Anyone who has change access to web stuff other than their
own is a member of wwwadm, thus allowing the trusted webmasters to add,
remove, and modify any of the web pages, including user's personal
stuff. (it's the policy I've decided on for now)
   The problem is that now I have a virtual domain with two people (maybe
more in the future) who both need to be able to update it.  Neither is a
member of wwwadm, or root.  How can I set up permissions so that they can
both work on their pages, and the main webmasters can still exercise the
necessary control?
   To me this sounds like a case for Access Control Lists, but that
project is still well into the beta stages.  In fact any package that
doesn't have the confidence for a >1 version number spooks me, especially
file system stuff on a server.  Is there another way to accomplish this
task that I've missed?

Matthew J. Brodeur, mbrodeur at
Hostmaster for

What does education often do?  It makes a straight cut ditch of a
free meandering brook.
		-- Henry David Thoreau

Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at (Subject line is ignored).

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /