How do I set files and directories created as root to be read and executable as another user?

2

I'm using Cloud9IDE's SSH workspaces, and for a variety of reasons, we are required to create that SSH tunnel as root. This is not really an issue, however the files and directories we are creating with it actually live under a user folder (in this case let's say the user is "foobar", so the files are being created in /home/foobar/public_html/dev).

The problem is that since the user "root" is actually creating the files, navigating to those files in the browser returns a 404, since the server uses the user "foobar" to serve pages.

I need a way to ensure that even though files have been created by the root user, the user foobar should be able to read and execute them as though that user created them.

I have tried using setfacl -Rdm with a group that includes root and foobar, and that wound up making it so foobar could no longer serve any files in its directory.

For example:

-rw-r--r--  1 foobar  foobar    125 May 15 11:26 die.html
-rw-r--r--  1 root    root      127 May 15 12:20 dies.html

In this case, the file "die.html" is served properly, but "dies.html" results in a 404 due to the owner and group.

Any thoughts on how to resolve this? To reiterate: I would need this to happen for all future files, not simply files which presently exist.

Mike Dettmer

Posted 2015-05-15T16:32:26.770

Reputation: 23

Answers

0

Take your pick:

chown foobar:foobar *

chown foobar:foobar dies.html

chown foobar *

chown foobar dies.html

So, to have all files created owned by foobar, here's what you need to do:

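Run crontab -e and input this:

# Bounded loop: each cron run re-owns the tree about once a second for a minute, then exits
* * * * * for i in $(seq 1 60); do chown -R foobar:foobar /home/foobar/public_html/dev/*; sleep 1; done

Save it, and let cron take over permissions.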

td512

Posted 2015-05-15T16:32:26.770

Reputation: 4 778

Thank you for your reply, however I need all future files created to be owned by foobar, not simply files that already exist. I'll update my question to reflect this. – Mike Dettmer – 2015-05-15T17:41:56.190

I'll update my answer – td512 – 2015-05-15T17:43:31.723

This 100% solved my specific issue. Thank you so much, I'm not a sysadmin but I'm the only one at the company remotely capable of handling this. You saved the day! – Mike Dettmer – 2015-05-15T18:34:28.217

no probs, just curious, did that cronjob set to execute every second work properly? It should each second recursively chown files – td512 – 2015-05-15T18:35:39.180

It did! However, that introduced an issue with our front end developers using Grunt, in that any files being watched for changes were then triggered as being changed after the chown resulting in incredible server strain as 100s of sass files were being compiled every second. Guess I'll have to figure out another solution! Still marked yours as correct, though, since it did solve what I originally asked for. – Mike Dettmer – 2015-05-15T18:54:19.233

0

Change your user identity to foobar after establishing the SSH tunnel by entering su foobar and then the password of foobar.

Marco M. von Hagen

Posted 2015-05-15T16:32:26.770

Reputation: 495

0

Create a new group, say devs, and put all users who need read/write access to your files in that group. Then change the group of that directory to devs with this command:

chgrp -R devs /home/foobar/public_html/dev

After that, set the setgid bit on that directory with this command:

chmod -R g+s /home/foobar/public_html/dev

From this point, all files created in that directory will be owned by group devs, and all users in that group will have read/write access to the files (depending on permissions).

If you want to know what setgid is, check this link.

B.A.B

Posted 2015-05-15T16:32:26.770

Reputation: 196
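
The setgid setup from the last answer, as an added example that is not part of the original answer: it sets the bit on directories only (rather than chmod -R g+s, which also marks regular files) and then verifies that a newly created file and subdirectory inherit the group. The function names and the scratch tree are constructed for the demonstration, and GNU stat -c is assumed.

```shell
#!/bin/sh
# Added example (not from the answer). Assumes Linux with GNU coreutils and
# findutils (stat -c). The demo uses a constructed scratch tree and the
# caller's own group so it runs without root; on the server the tree would be
# /home/foobar/public_html/dev and the group devs, as in the answer.

apply_setgid_dirs() {            # $1 = tree, $2 = group name or GID
    chgrp -R "$2" "$1" &&
    # setgid on directories only: on regular files the bit has a different
    # meaning and is not needed for group inheritance
    find "$1" -type d -exec chmod g+s {} + &&
    # group may read everything; X adds execute only to directories and to
    # files that are already executable
    chmod -R g+rX "$1"
}

setgid_file_count() {            # regular files carrying the setgid bit
    find "$1" -type f -perm -2000 | wc -l | tr -d ' '
}

check_inheritance() {            # prints "ok" or the first failed check
    (
        umask 022
        want=$(stat -c %g "$1")  # numeric group of the tree root
        probe="$1/.probe.$$"
        mkdir "$probe" && : > "$probe/file" || { echo "cannot create probe"; exit 1; }
        fgid=$(stat -c %g "$probe/file")
        dgid=$(stat -c %g "$probe")
        dmode=$(stat -c %a "$probe")   # 2755 here: the leading 2 is setgid
        rm -rf "$probe"
        [ "$fgid" = "$want" ] || { echo "new file has gid $fgid"; exit 1; }
        [ "$dgid" = "$want" ] || { echo "new dir has gid $dgid"; exit 1; }
        case "$dmode" in
            2???) echo ok ;;
            *)    echo "new dir lacks setgid (mode $dmode)"; exit 1 ;;
        esac
    )
}

demo() {                         # constructed sample tree
    t=$(mktemp -d) || return 1
    mkdir -p "$t/css" && : > "$t/index.html" && : > "$t/css/site.css"
    apply_setgid_dirs "$t" "$(id -g)" && check_inheritance "$t"
    rc=$?
    echo "setgid regular files: $(setgid_file_count "$t")"
    rm -rf "$t"
    return $rc
}
```

On the server, apply_setgid_dirs is run once as root; the umask of whichever process creates a file afterwards still decides whether the group gets write access.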