On Thursday 29 Sep 2011 07:57:49 Jonas de Buhr wrote:
> >> The problem with that is he will need to test his code in the working
> >> system.
>
> why in the production system?
>
> >> I need a way for him to be able to read/write to a certain
> >> file or files within the working system, but have no read/write
> >> access to any other files in the system.
> >>
> >> Is SFTP perhaps the way to go for this?
> >>
> >> - Grant
> >
> > For some reason I thought SFTP would provide access control but now
> > I'm thinking it's just like SSH in that access control is based on
> > file ownership and permissions?
>
> yes.
>
> > If that's the case, can anyone think
> > of a better way to control remote access to my files than chmod/chown?
>
> someone already did ;)
> http://www.gentoo-wiki.info/HOWTO_Use_filesystem_ACLs
>
> > I think it would be nice if the access control were built into the
> > transport mechanism, version control system, or something else already
> > in use, but it doesn't sound like that's going to happen.
>
> it's certainly possible to control the write access with ACLs. read
> access however is a different story because as soon as his code runs in
> the context of the webrowser he will likely be able to read the rest of
> the code.

I'm not sure if you are overcomplicating this by trying to use Unix
permissions. Have you instead considered WebDAV? You can restrict this to
particular (apache) users/groups, directories, files. It also uses lockfiles,
so two users editing a file simultaneously will cause a warning when you
try to save it.
--
Regards,
Mick
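
Added example, not part of the original message or thread: one way the WebDAV restriction described above can look in Apache 2.4 syntax. The directory path, user name, realm, password file and lock database location are all assumed placeholders.

```apache
# Assumed modules: mod_dav, mod_dav_fs, mod_auth_basic, mod_authn_file,
# mod_authz_user, mod_ssl.

# Lock database used by mod_dav_fs for the edit locks mentioned above.
# Assumed path; its directory must be writable by the Apache user.
DavLockDB "/var/lib/apache2/dav/DavLock"

# DAV stays off everywhere except this one subtree (assumed path).
<Directory "/var/www/example/contractor">
    Dav On

    # Basic auth sends the password with every request, so require TLS.
    SSLRequireSSL

    AuthType Basic
    AuthName "contractor area"
    # Assumed password file, created with htpasswd.
    AuthUserFile "/etc/apache2/dav.passwd"

    # Only this one account (assumed name) may read or write here over DAV.
    Require user contractor
</Directory>
```

mod_dav performs all file operations as the Apache user, so this limit is enforced by Apache's configuration rather than by file ownership, and the Apache user needs filesystem write permission on that directory. It does not change the read-access point raised in the quoted reply: code that the web server executes can still read whatever the web server's user can read.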