lynn wrote:
Thanks, that sounds good. We've an app where the devs want to rw stuff to their public_html folder. Apache writes as wwwrun:www whereas the 13.1 nginx writes as nginx:nginx: they can't edit their files any longer.
I don't see a problem with the way you have it setup -- especially since in your case, it sounds like nginx is being run *instead* of apache, so keeping the UID/GID the same as what it was before provides a more seamless upgrade. I appreciate having daemons running under their own separate user id -- and not a generic one for all, since a security problem in one daemon gives access to all daemons files running under the same UID/GID. Having each in it's own UID/GID allows for finer access control as well. Another way you might think about 'someday', is to use ACL's and a "default acl" on the directories that can give extended access by group or user name *OR* just use setGID on the directories and have their group set to 'www', so all files created in them will end up in 'www'. Would still need to make sure processes that execute in those dirs have umasks set to something like 002. But if what you have works, no need to change it till the next upgrade... ;-) (BTW -- To go through all folders and set such bits, (GID or ACLs), one would likely use 'find' (all files & dirs owned by 'www', for example and pipe that into xargs...but you likely already know that)). Cheers... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org