0

My Debian machine is running DirectAdmin and we have build our own CMS. By now, when we create a new website a new folder and user will created down the /home/ directory.

As an developer to setup templates for each customer we need to be in the user directory. For now It's way to complicated cause for each customer you need to take that ftp account. Way to complicated if there are more than 100 customers.

To make things easier, I've created one ftp account 'developer' this account should be able to access /home/ directory. For Now I have a permission denied to access the directory maps. Of course, the /home/ directory is owned by 'root'

My question is, what is the best way to make a permission / group change for the directory /home/ so the ftp account 'developer' has access to all the websites in this directory.

Thanks Nick

user968898
  • 153
  • 1
  • 3
  • 12

1 Answers1

0

One approach is with POSIX Access Control Lists, which can be used to define more fine-grained discretionary access rights for files and directories than the classical user+group+other permissions. man acl

To use acl's the filesystem must be mounted with acl support, assuming /home is on a separate file system: 

mount -o remount,acl /home

and make the acl mount option permanent in /etc/fstab:

#/etc/fstab
/dev/sda3  /home  ext4    defaults,acl  1 1

Then create a the access control list which grants read-write access to the developer user regardless of or maybe in addition to the normal file/directory permissions.

setfacl -d u:developer:x /home/*/
setfacl -m u:developer:x /home/*/

setfacl -d -R u:developer:rwx /home/*/webroot/
setfacl -R -m u:developer:rwx /home/*/webroot/

The -d switch sets the default for new files/directories, -m will change the effective rights mask of existing files/directories.

HBruijn
  • 72,524
  • 21
  • 127
  • 192