How can I allow my regular user to chown files, via setfacl?

1

I am using ACL to set specific permissions in a directory:

setfacl -R -m u:wordpress:wrx /var/www/html/wp

As that user, I am able to create a subdirectory within the directory with mkdir test, but if I then want to change the ownership with chown apache:apache test, I get an operation not permitted error.

Is there any way to give the wordpress user the ability to change ownership of files within the wp directory which has been set with setfacl?

g18c

Posted 2014-10-29T19:00:51.793

Reputation: 212

Answers

0

Preventing ownership changes is not a filesystem/Access Control Lists feature, it's a UNIX feature designed to prevent bad things from happening.

I suppose you could give the wordpress user the permission to chown via sudoers if you really wanted to, but I would question the reasons for trying to do this in the first place.

Jani Uusitalo

Posted 2014-10-29T19:00:51.793

Reputation: 119

0

A regular user can not change a file's owner, but she can change it's group ownership if the user is in that group. So first add wordpress to the apache group. Then wordpress should be able to use chgrp on the file. You'll probably have to use newgrp apache first. So the process is:

# As root
$ sudo usermod --groups apache wordpress

# As wordpress
$ newgrp apache
$ chgrp apache test
$ ls -ld test
drwxrwxr-x 2 wordpress apache 4096 Jul  2 13:15 test/

But as mentioned before, this is probably not a wise thing to do. You would be better off configuring apache and wordpress to work well together.

gogators

Posted 2014-10-29T19:00:51.793

Reputation: 1 183

Asked: 2014-10-29T19:00:51.793

Viewed: 1 058 times

Active: 2015-07-02T17:32:03.383