6

I want to have different users including www-data to work together under a specific path. including updating each others files.

I made a new group webimage

addgroup webimage

and

adduser user1 webimage
adduser user2 webimage
adduser www-data webimage

I changed the permissions of the imagedir

chown -R www-data:webimage image/

and user1 can write but the file has permisions

-rw-rw-r-- 1 user1       user1

and no one can update the file but this user. How can I get this to work in a secure manner. Outside of this directory of course each users file is private as usual.

LoremIpsum
  • 81
Michael Temeschinko
  • 181
  • Having multiple devs work on the same machine is… very weird. What exactly did you have in mind? – Alexander Jul 16 '21 at 02:29
  • @Alexander multiple person should be able to update images wich are also manipulated (scaled or cropped) by the webserver. I don't think it's weird (persons are not developers - in case you think on vcs) – Michael Temeschinko Jul 19 '21 at 07:55

1 Answers1

11

You can set the setgid bit for that:

sudo chmod g+s image/

This will cause any file created in that directory to be owned by the same group as the directory. Thus, if image is owned by group webimage, any file created there will be owned by the group webimage. If also read and write permissions are set for the group, all members of the group will be able to update the file.

vanadium
  • 88,010