[Box-Admins] box2:/var/www/files permissions update
Ken Causey
ken at kencausey.com
Wed Feb 26 17:45:43 UTC 2014
On 02/25/2014 01:37 PM, Chris Muller wrote:
> Okay. I may not be clear on what the exact role of each user/group is
> supposed to play. Is website an account only for what the squeak.org
> _web server_ needs? Or is it an account for web-team members to put
> out the files to support the web-site?
>
> Would there be a security advantage for the web-site to run under an
> account that does not have write-access to anything it doesn't need..?
Yes it would be. Ideally we should have been maintaining checksums for
all the FTP files as well. Care to work on that?
Ken
>
> On Tue, Feb 25, 2014 at 1:29 PM, Ken Causey <ken at kencausey.com> wrote:
>> On 02/25/2014 01:22 PM, Chris Muller wrote:
>>>
>>> I was unable to create a "4.5" directory as the "updates" user on
>>> box2. Owner and Group permission for the "files" directory (rwxr x r
>>> x) belonged to "website".
>>>
>>> In fact, website does not need write access, just read. "updates"
>>> needs write access.
>>>
>>> So I gave ownership of "files" to the "updates" user. website still has
>>> group.
>>>
>>> - Chris
>>>
>>>
>>
>> While it can certainly be changed the management of the FTP site aka Files
>> was assigned to the webteam which had control of the website account and
>> could divvy out access to team members as needed. When this failed, anyone
>> with access to the root account (now sudo access) can always step in.
>>
>> The practice in the past was for someone with either website or superuser
>> access to create a new directory for the release and give updates write
>> access to it.
>>
>> Ken
>
>
More information about the Box-Admins
mailing list