How to allow easy editing of www-data owned files by a user

Chris Green cl at isbd.net
Wed Dec 6 10:35:47 UTC 2017


On Tue, Dec 05, 2017 at 10:05:42PM +0000, Peter Flynn wrote:
> On 12/05/2017 10:26 AM, Chris Green wrote:
> > I've been trying to find a good solution to this problem for *years*
> > but I'm still hitting problems with it.  The current problem is that
> > synching doesn't deal well with directories and files which have
> > different owners on different systems.
> > 
> > The essential problem is that web files which are manipulated by
> > apache need to be owned by www-data but I want to be able to edit
> > these files as well.
> 
> This sounds like the setgid bit in the file permissions would be useful. We
> use this for web server accounts where the application requires ownership by
> the server process (apache aka www-data) to create subdirectories and files
> but the site owner needs to be able do the same.
> 
I did originally set things up this way and it helps but it's not
perfect.  You still end up with files owned by www-data as files get
created by apache2 when using the wiki as a wiki and then the
non-owner can't do *some* things (e.g. change permissions).


I have a directory 'wiki' in my home directory which is the root of
the whole DokuWiki installation.  There is a link from /srv to
/home/chris/wiki so that apache2 serves the wiki on the web.

Much of the time I edit the wiki files directly by going into ~/wiki
and editing the relevant file - DokuWiki uses ordinary text files with
a simple mark up so this is very easy to do and the files are quite
readable as text.  Thus most of the time files are owned by 'chris'.

Sometimes though I edit files through the wiki (e.g. if I'm doing it
from someone else's computer, or if it's a very small change) and in
this case some files will get created with www-data ownership.

I run syncthing to synchronise the wiki between my desktop, my laptop
and a virtual server on Gandi hosting.

It was a recent problem with syncthing that made me think I had a
problem with chris/www-data ownership conflicting but having now
cleared that (fairly minor) problem I don't think it was actually
caused by mixed ownership.

My current solution to the mixed ownership issue, which does seem to
actually work, uses ACLs.  What you do is set permissions as
follows:-

    cd /home/chris
    #
    #
    # Set so users chris and www-data can do anything everywhere
    #
    setfacl -R -m u:chris:rwx wiki
    setfacl -R -m u:www-data:rwx wiki
    #
    #
    # Set so new files and directories have the same permissions
    #
    setfacl -R -d -m u:chris:rwx wiki
    setfacl -R -d -m u:www-data:rwx wiki

As I say I thought this *wasn't* working, hence my original question,
but I now think that it is actually working OK and that the syncthing
problem was caused by something else (probably changes on two systems
done close together timewise).

-- 
Chris Green
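
A check for the ACL setup in the message above, added here as an example and not part of the original post: named-user entries are limited by the ACL mask, which chmod rewrites, so `u:chris:rwx` can be present yet ineffective, and a directory missing a default entry stops passing access on to new files. The function names `audit_acl` and `sample_acl` are hypothetical and the sample is constructed; on a real tree run `getfacl -R wiki | audit_acl`, which prints nothing when both users have effective access everywhere.

```shell
# Added example: audit getfacl -R output for the two named users.
audit_acl() {
    awk -v users="chris www-data" '
    function eff(p, m,    i, out) {            # AND an entry with the mask
        out = ""
        for (i = 1; i <= 3; i++)
            out = out ((substr(m, i, 1) == "-") ? "-" : substr(p, i, 1))
        return out
    }
    function flush(    i, u, e, need) {        # report on the block just read
        if (path == "") return
        need = hasdef ? "^rwx" : "^rw"         # default entries imply a directory
        for (i = 1; i <= n; i++) {
            u = want[i]
            if (!(u in acc)) print path ": no entry for " u
            else if ((e = eff(acc[u], mask)) !~ need) print path ": " u " effective " e
            if (hasdef && !(u in def)) print path ": no default entry for " u
        }
        path = ""; mask = "rwx"; hasdef = 0; split("", acc); split("", def)
    }
    BEGIN { n = split(users, want, " "); mask = "rwx"; split("", acc); split("", def) }
    /^# file: /  { flush(); path = substr($0, 9); next }
    /^#/ || /^$/ { next }
    {
        sub(/[ \t]*#.*/, "")                   # drop "#effective:" annotations
        split($0, f, ":")
        if (f[1] == "default") { hasdef = 1; if (f[2] == "user" && f[3] != "") def[f[3]] = f[4] }
        else if (f[1] == "user" && f[2] != "") acc[f[2]] = f[3]
        else if (f[1] == "mask") mask = f[3]
    }
    END { flush() }'
}

# Constructed sample, trimmed to the relevant entries (not from the poster's system).
sample_acl() {
    cat <<'EOF'
# file: wiki/data/pages
user::rwx
user:chris:rwx
user:www-data:rwx
mask::rwx
default:user:www-data:rwx

# file: wiki/data/pages/start.txt
user:chris:rwx   #effective:r--
user:www-data:rwx   #effective:r--
mask::r--
EOF
}
```

With the sample, `sample_acl | audit_acl` reports the missing default entry for chris on the directory and the masked-down access for both users on `start.txt`.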


