1

I'm creating git repositories, ldap accounts and ldap groups using PHP application. Everything works fine, but I have a problem to set right permissions to git repositories. Every ldap user is a member of some ldap group, so I want to change group on git repository (regular directory) to specific ldap group. The problem is, that user www-data can't change group to any other he is not member of. How can I change group after creating directory under apache/www-data user?

www-data@server:/home/git$ mkdir repo.git
www-data@server:/home/git$ chgrp mygroup repo.git
chgrp: changing group of `repo.git/': Operation not permitted
Peter Krejci
  • 123
  • 5

1 Answers1

1

You either need to make www-data a member of mygroup or use the superuser account to make the change. In either case, you'll need root access or somebody with root access to help you.

Lars Kotthoff
  • 646
  • 4
  • 10
  • I have a root access on this machine, that's not a problem. Problem is that I can't do it manually, because this repositories and groups are made dynamically via web application, so I even can't make `www-data` member of `mygroup`, it must be on the fly. Maybe I can set crontab, but isn't there any better solution? – Peter Krejci Nov 04 '12 at 12:14
  • Could you make `www-data` a member of the group when you're creating it? – Lars Kotthoff Nov 04 '12 at 12:38
  • That's not possible because everything is run under `www-data` and I can't assign me to whatever group I want. – Peter Krejci Nov 04 '12 at 14:29
  • 1
    Sounds like a cron job or some kind of event-based triggering (i.e. when a new group appears, do something) is what you need. If you don't need `www-data` to become a member of the new groups immediately, a cron job that adds it seems like the best solution. – Lars Kotthoff Nov 04 '12 at 14:56
  • I fnally made it using cronjob. I found something useful e.g. here http://serverfault.com/questions/157272/allow-apache-to-run-a-command-as-a-different-user but I needed really simple solution and now it is already done:) – Peter Krejci Nov 04 '12 at 16:26