[Solved] File Create ownership/permissions

Added by pluffmud 8 months ago

PI4B
1.4.59-1+deb11u2 arm64

I have lighttpd + webdav running on my Pi4B

It works
My issue is ownership/permissions of files being updated/created. A new file ends up like this: "-rw-r--r-- 1 www-data www-data 63214 Nov 29 08:53 some_file.txt"

Is there any way to say "retain file ownership/permissions"?
or
New files are group writable

I prefer not to run it under the actual owner of all the files, but perhaps that's the solution.


Replies (2)

RE: File Create ownership/permissions - Added by gstrauss 8 months ago

Is there any way to say "retain file ownership/permissions"?

No, sorry. lighttpd mod_webdav performs atomic modifications to files, typically involving writing changes to a newly created temporary file, and then atomically renaming into place.

Not implemented: It is theoretically possible for lighttpd to copy the ownership and permission mode of an existing file prior to the rename, but that would require lighttpd running as root, which is not a requirement for lighttpd mod_webdav. However, this would not address the ownership of new files. Theoretically, lighttpd could set ownership from mod_auth, but that would not only require lighttpd running as root, but also that mod_auth be required and that mod_auth map to users in the filesystem, which is often not the case (unless using mod_authn_pam).

or
New files are group writable

In your init script which starts lighttpd, you can change the shell umask to 002 instead of 022 before starting lighttpd.

You can also use filesystem permission mode g+s on directories to set group ownership.
For example, see "group + s (pecial)" in https://www.redhat.com/sysadmin/suid-sgid-sticky-bit

Combined with having the primary group of a user being a unique group for that user (if you do that on your system), then you can keep files with group ownership unique to a specific user per directory with g+s set. Directories created within directories with g+s inherit g+s.

RE: File Create ownership/permissions - Added by pluffmud 8 months ago

The g+s and the umask change are doing what I need. (umask done in systemd with ExecStart=/usr/bin/bash -c 'umask 002;/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf')
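
The combined effect of the umask change and g+s discussed in this thread, as an added shell sketch that is not from either poster and is not lighttpd code: it imitates the write-to-temp-then-rename pattern and reports the resulting mode and group of files and subdirectories. The function names and the temp file name are made up for the illustration; Linux with GNU stat is assumed.

```shell
#!/bin/sh
# Added illustration (not lighttpd code). Assumes Linux with GNU stat.

# make_share: print the path of a fresh setgid directory standing in for the
# WebDAV root. Uses a supplementary group when one is usable so that group
# inheritance from the directory is visible.
make_share() {
    d=$(mktemp -d)
    for g in $(id -G); do
        if [ "$g" != "$(id -g)" ] && chgrp "$g" "$d" 2>/dev/null; then break; fi
    done
    chmod 2775 "$d"              # rwxrwsr-x: g+s on the directory
    echo "$d"
}

# put_file UMASK DIR NAME: write a temp file, rename it into place, then
# print "<octal mode> <gid>". Runs in a subshell so the umask does not leak.
put_file() (
    umask "$1"
    tmp="$2/.$3.tmp.$$"          # hypothetical temp name
    printf 'data\n' > "$tmp"     # new inode: mode is 0666 & ~umask
    mv -f "$tmp" "$2/$3"         # rename keeps the temp file's mode and group
    stat -c '%a %g' "$2/$3"
)

# make_collection UMASK DIR NAME: create a subdirectory, print "<mode> <gid>".
make_collection() (
    umask "$1"
    mkdir "$2/$3"
    stat -c '%a %g' "$2/$3"
)

demo() {
    share=$(make_share)
    echo "share dir:            $(stat -c '%a %g' "$share")"
    echo "file, umask 022:      $(put_file 022 "$share" some_file.txt)"
    echo "same file, umask 002: $(put_file 002 "$share" some_file.txt)"
    echo "subdir, umask 002:    $(make_collection 002 "$share" sub)"
    rm -rf "$share"
}
demo
```

The second put_file call replaces the existing file, and the result carries the mode of the new temp file rather than that of the file it replaced, which is why the umask of the server process is what decides group writability.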
