| 1 |
On Thursday 29 Sep 2011 07:57:49 Jonas de Buhr wrote: |
| 2 |
> >> The problem with that is he will need to test his code in the working |
| 3 |
> >> system. |
| 4 |
> |
| 5 |
> why in the production system? |
| 6 |
> |
| 7 |
> >>I need a way for him to be able to read/write to a certain |
| 8 |
> >> |
| 9 |
> >> file or files within the working system, but have no read/write |
| 10 |
> >> access to any other files in the system. |
| 11 |
> >> |
| 12 |
> >> Is SFTP perhaps the way to go for this? |
| 13 |
> >> |
| 14 |
> >> - Grant |
| 15 |
> > |
| 16 |
> >For some reason I thought SFTP would provide access control but now |
| 17 |
> >I'm thinking it's just like SSH in that access control is based on |
| 18 |
> >file ownership and permissions? |
| 19 |
> |
| 20 |
> yes. |
| 21 |
> |
| 22 |
> > If that's the case, can anyone think |
| 23 |
> > |
| 24 |
> >of a better way to control remote access to my files than chmod/chown? |
| 25 |
> |
| 26 |
> someone already did ;) |
| 27 |
> http://www.gentoo-wiki.info/HOWTO_Use_filesystem_ACLs |
| 28 |
> |
| 29 |
> > I think it would be nice if the access control were built into the |
| 30 |
> > |
| 31 |
> >transport mechanism, version control system, or something else already |
| 32 |
> >in use, but it doesn't sound like that's going to happen. |
| 33 |
> |
| 34 |
> its certainly possible to control the write access with ACLs. read |
| 35 |
> access however is a different story because as soon as his code runs in |
| 36 |
> the context of the webrowser he will likely be able to read the rest of |
| 37 |
> the code. |
| 38 |
|
| 39 |
I'm not sure if you are overcomplicating this by trying to use Unix |
| 40 |
permission. Have you instead considered webdav? You can restrict this to |
| 41 |
particular (apache) users/groups, directories, files. It also uses lockfiles |
| 42 |
so with two users editing a file simultaneously will cause a warning when you |
| 43 |
try to save it. |
| 44 |
-- |
| 45 |
Regards, |
| 46 |
Mick |
Archives