3

I have a server with a user named deploy-user and have written a backup script to backup a number of websites associated with this user. However one of the sites I'm trying to backup has a directory /home/usera/web/www.example.com/some/random_dir is owned by apache-data-user.

What permissions would I give deploy-user to be able to backup that directory. Options I am aware of are either:

  • Running the script as root, which I don't really want to do.
  • Adding apache-data-user and deploy-user to the same group. But then apache-data-user will have to many permissions.

Has anyone got a suggestion of the best way to backup this directory?

Jamie
  • 471

4 Answers4

1

find default apache user's group in /etc/groups

and add deploy-user to that group

jet
  • 894
0

If you don't want to put deploy-user and apache-data-user into the same group then ACL suits you best.

phunehehe
  • 20,240
0

Option 2 is definitely the way to go, unless you want to use ACL. Note that such a group will probably only need read permissions to the directory you're referring to.

Another option would be to use sudo to give the deploy-user some very restricted rights to only perform backup operations as root.

0

If you have access control lists enabled, give deploy-user the right to read /home/usera/web/www.example.com/some/random_dir and its contents. To enable ACLs, you may need to add the acl option to the entry for the filesystem in /etc/fstab and install your distribution's acl package.

Under Linux, the following commands give deploy-user the right to read and traverse the whole hierarchy rooted at /home/usera/web:

setfacl -d -m user:deploy-user:rx -R /home/usera/web
setfacl -m user:deploy-user:rx -R /home/usera/web
Gilles 'SO- stop being evil'
  • 829,060