Re: [greenstone-devel] file permissions

From John R. McPherson
Date Wed, 15 Oct 2003 14:29:25 +1300
Subject Re: [greenstone-devel] file permissions
In-Reply-To (3F8CA001-7020100-asti-dost-gov-ph)
Ivy Cabeza wrote:

> thanks, john. actually, we were planning to use the greenstone library
> interface in creating collections. unfortunately, i'm not familiar with
> set user group. how can i library run with a specific group and all the
> created files belonging to the user who created them?

Files are generally created with the owner user and owner group set to that
of the account that ran the commands. What you can do is set the "sticky"
bit on the group of a directory. E.g. for the "collect" directory:

host:gsdl$ ls -ld collect
drwxr-xr-x 19 jrm21 ugrad 528 May 14 13:57 collect/
host:gsdl$ chmod -R g+s,g+w collect
host:gsdl$ ls -ld collect
drwxrwsr-x 19 jrm21 ugrad 528 May 14 13:57 collect/

What this means is that anybody who is in the "ugrad" group will be able to
create/modify files in the collect directory, and if they are in other groups,
the files will stay in the "ugrad" group. Of course, you'd want to do this for
the "gsdl" group instead:

host:gsdl$ chown -R .gsdl collect

(you can only do this for files/directories that you own, unless you run the
command as the root user). Also, this syntax is for Linux. For BSD/Mac OS X,
you would say "chown :newgroup filename".

If you want to allow the webserver to modify collections via the Collector
interface, you could make the cgi executable run with the gsdl group:

$ chown .gsdl /var/lib/cgi-bin/library
$ chmod g+s /var/lib/cgi-bin/library

and now the "library" program can read/write/create files as the gsdl group,
if that is what you want.

John McPherson
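
An added example, not part of the original message or of Greenstone itself: a shell audit that checks a shared tree such as "collect" against the setup described above (shared group, the "s" bit on directories, group write), and also reports world-writable entries and regular files that picked up the "s" bit from a recursive chmod. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Audits a shared tree such as
# "collect" for entries that break the group-sharing setup described above.
# Prints one "REASON<TAB>PATH" line per finding; GROUP is a name or numeric gid.
audit_shared_tree() {
    dir=$1 group=$2
    # Left the shared group (created before g+s was set, or chgrp'd later).
    find "$dir" ! -group "$group" -exec printf 'wrong-group\t%s\n' {} \;
    # Directory without the "s" bit: new files inside get the creator's group.
    find "$dir" -type d ! -perm -2000 -exec printf 'dir-not-setgid\t%s\n' {} \;
    # Right group but no group write: usually created under umask 022.
    find "$dir" ! -type l ! -perm -0020 -exec printf 'not-group-writable\t%s\n' {} \;
    # World-writable is wider than the group-only access this setup intends.
    find "$dir" ! -type l -perm -0002 -exec printf 'world-writable\t%s\n' {} \;
    # Regular files with "s": chmod -R g+s marks files too, where the bit does
    # nothing for inheritance and makes any group-executable file run setgid.
    find "$dir" -type f -perm -2000 -exec printf 'setgid-file\t%s\n' {} \;
}

# Number of findings of one kind: count_findings DIR GROUP REASON
count_findings() {
    audit_shared_tree "$1" "$2" |
        awk -F'\t' -v r="$3" '$1 == r { n++ } END { print n + 0 }'
}

# Numeric gid that owns a path (avoids GNU/BSD stat differences).
gid_of() {
    ls -ldn "$1" | awk '{ print $4 }'
}

# Constructed sample tree (hypothetical file names): a setgid, group-writable
# "collect" holding one finding each for three of the checks above.
build_demo_tree() (
    umask 022
    root=$(mktemp -d) || exit 1
    mkdir "$root/collect"
    chmod g+s,g+w "$root/collect"
    : > "$root/collect/made-with-umask-022.txt"
    (umask 002; : > "$root/collect/made-with-umask-002.txt")
    : > "$root/collect/old.cfg"; chmod g+w,g+s "$root/collect/old.cfg"
    mkdir "$root/collect/demo"
    chmod g+w,g-s "$root/collect/demo"
    printf '%s\n' "$root/collect"
)
```

Files created inside a setgid directory take the directory's group, but their mode still comes from the creator's umask, which is why the file made under umask 022 is reported as not group-writable.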