drwsr-sr-x 6 bob apache 4096 Jan 26 16:00 images
-rw-r-Sr-- 1 apache apache 16155 Jan 26 16:00 menucafe_sandwich.jpg
-rw-r--r-- 1 apache apache 16155 Jan 26 17:02 menucafe_sandwich.jpg
drwsr-sr-x 6 bob apache 4096 Jan 26 17:12 images
drwsrws--x 6 bob apache 4096 Jan 26 17:30 images
-rw-r--r-- 1 apache apache 16155 Jan 26 17:30 menucafe_sandwich.jpg
$ mkdir foo
$ ls -ld foo
drwxr-xr-x 2 david david 4096 2009-01-26 17:36 foo/
$ chown david:media foo
$ chmod g+w foo
$ chmod +s foo
$ ls -ld foo
drwsrwsr-x 2 david media 4096 2009-01-26 17:36 foo/
$ touch foo/davids_file
$ sudo -u aurelie touch foo/aurelies_file
$ ls -l foo/
total 0
-rw-r--r-- 1 aurelie media 0 2009-01-26 17:36 aurelies_file
-rw-r--r-- 1 david media 0 2009-01-26 17:36 davids_file
$
# chown bob:apache images
# chmod g+w images
# chmod +s images
# ls -ld images
drwsrwsr-x 6 bob apache 4096 Jan 27 12:50 images
# touch images/cisco-logo.gif
# sudo -u bob touch images/cisco-logo.gif
touch: cannot touch `images/cisco-logo.gif': Permission denied
total 312
-rwSr-Sr-- 1 bob apache 1352 Nov 10 19:24 apply_f2.png
-rwSr-Sr-- 1 bob apache 1648 Nov 10 19:24 archive_f2.png
-rwSr-Sr-- 1 bob apache 1620 Nov 10 19:24 back_f2.png
drwSrwsr-x 2 bob apache 4096 Nov 10 19:26 banners
-rwSr-Sr-- 1 bob apache 151 Nov 10 19:24 blank.png
-rwSr-Sr-- 1 bob apache 564 Nov 10 19:24 cancel.png
-rw-r--r-- 1 apache apache 3039 Jan 27 14:13 cisco-logo.gif
-rwSr-Sr-- 1 bob apache 1776 Nov 10 19:24 css_f2.png
-rwSr-Sr-- 1 bob apache 1719 Nov 10 19:24 edit_f2.png
-rw-r--r-- 1 apache apache 100322 Jan 26 18:02 geltrac.png
-rwSr-Sr-- 1 bob apache 1744 Nov 10 19:24 html_f2.png
-rwSr-Sr-- 1 bob apache 44 Nov 10 19:24 index.html
-rwSr-Sr-- 1 bob apache 7200 Nov 10 19:24 joomla_logo_black.jpg
-rwSr-Sr-- 1 bob apache 190 Nov 10 19:24 menu_divider.png
drwsr-sr-x 2 bob apache 4096 Nov 10 19:26 M_images
-rwSr-Sr-- 1 bob apache 1655 Nov 10 19:24 new_f2.png
-rwSr-Sr-- 1 bob apache 2560 Nov 10 19:24 powered_by.png
-rwSr-Sr-- 1 bob apache 1699 Nov 10 19:24 preview_f2.png
-rwSr-Sr-- 1 bob apache 1800 Nov 10 19:24 publish_f2.png
-rwSr-Sr-- 1 bob apache 698 Nov 10 19:24 save.png
drwsr-sr-x 2 bob apache 4096 Nov 10 19:26 smilies
-rwSr-Sr-- 1 bob apache 202 Nov 10 19:24 sort_asc.png
-rwSr-Sr-- 1 bob apache 201 Nov 10 19:24 sort_desc.png
drwSrwsr-x 4 bob apache 4096 Jan 26 14:48 stories
-rwSr-Sr-- 1 bob apache 1525 Nov 10 19:24 unarchive_f2.png
-rwSr-Sr-- 1 bob apache 1658 Nov 10 19:24 upload_f2.png
[bob@server images]$ touch cisco-logo.gif
touch: cannot touch `cisco-logo.gif': Permission denied
-rw-r--r-- 1 apache apache 3039 Jan 27 14:13 cisco-logo.gif
Joomla was installed and 'running' under the user directory "bob" where all the files are owned and group owned by "bob".
But "bob" cannot touch these new files uploaded by Joomla, although he needs to (say he installed a template in Joomla and wants to edit the template).
What's the best possible way of handling this? I tried group perms:
I have this in the group file:
Say here's a file uploaded by Joomla Media Manager:
chown: changing ownership of `menucafe_sandwich.jpg': Operation not permitted
bob needs to be able to access/edit any files like this without root interfering.
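The listings above show new files picking up the directory's group but arriving as -rw-r--r--. The following is an added example, not part of the original post: it reproduces that on a scratch directory and shows that the setgid bit only hands down the group, while the creating process's umask decides whether the group gets write. It assumes Linux with GNU coreutils (stat -c); the function names and file names are made up for the demonstration.

```shell
#!/bin/sh
# Added example: setgid directory vs. umask. Everything happens in a
# throwaway mktemp directory; names here are constructed for the demo.

# Create a scratch directory with mode 2775 (setgid + group-writable).
make_shared_dir() {
    d=$(mktemp -d) || return 1
    chmod 2775 "$d"
    printf '%s\n' "$d"
}

# Create file $2 in directory $1 while umask $3 is in effect, then print
# the file's octal mode. The subshell keeps the umask change local.
create_with_umask() {
    ( umask "$3" && : > "$1/$2" ) || return 1
    stat -c '%a' "$1/$2"
}

# Succeeds when file $1 has the same group as its parent directory.
group_inherited() {
    [ "$(stat -c '%g' "$1")" = "$(stat -c '%g' "$(dirname "$1")")" ]
}

# Audit: list regular files under $1 that the group cannot write.
files_without_group_write() {
    find "$1" -type f ! -perm -020
}

demo() {
    dir=$(make_shared_dir) || return 1
    echo "directory mode:  $(stat -c '%a' "$dir")"
    echo "umask 022 file:  $(create_with_umask "$dir" upload_022.jpg 022)"
    echo "umask 002 file:  $(create_with_umask "$dir" upload_002.jpg 002)"
    echo "files the group cannot write:"
    files_without_group_write "$dir"
    rm -rf "$dir"
}
demo
```

The file created under umask 022 matches the cisco-logo.gif and menucafe_sandwich.jpg entries above: right group, no group write, so a group member who is not the owner gets "Permission denied" from touch.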