Closed (fixed)
Project: Provision ACL support
Version: 6.x-1.0
Component: Code
Priority: Critical
Category: Feature request
Assigned: Unassigned
Reporter:
Created: 23 Mar 2011 at 21:28 UTC
Updated: 7 Apr 2011 at 18:32 UTC
Now we can run drush. But we can't upload modules and do other cool stuff in files/; let's do that too.
Comments
Comment #1
anarcat commented
We'll probably need a "default" ACL here so that created files inherit the goods...
Do we want this optional? (I would say no.)
Do we want to recurse into existing directories? (I would say no.)
Comment #2
anarcat commented
Done too, in head, the way I said.
Comment #3
omega8cc commented
I haven't tested it yet and have only looked at the code, so I will simply ask whether something like this is expected to work as before in our Aegir SaaS setup:
* Aegir main admin/owner never has access to its aegir system user, so he can't operate in the hostmaster space/aliases at all.
* Instead, he is using a separate account with a restricted shell, and this account is a member of the aegir group and the www-data group.
* There are also other users (FTPS only) who can access only their sites/domain directories.
We are using default system umask 002 so the Aegir admin user can still access/overwrite changes made by other users in their sites.
The question is: should we simply add the same ACL for these admin users as the aegir user will now have, and the rest will work as-is?
Comment #4
anarcat commented
The advantage of the provisionacl approach is that you get real site separation, without messing around with umasks, which grant *everyone* access to *every* site.
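Added example, not part of the thread or of Provision ACL's code: a small model of the POSIX.1e access check that contrasts the umask 002 layout from comment #3 with a per-site named-group ACL plus the "default" ACL from comment #1. The user alice, the groups client_a and client_b, and the ACL texts are constructed sample data.

```python
# Added illustration: a small model of the POSIX.1e ACL access check.
# Not Provision ACL code; all users, groups and ACL texts are constructed samples.

def parse_acl(text):
    """Split getfacl-style entries into (access, default) dicts keyed by (tag, qualifier)."""
    access, default = {}, {}
    for line in text.split():
        target = access
        if line.startswith("default:"):
            target, line = default, line[len("default:"):]
        tag, qualifier, perms = line.split(":")
        target[(tag, qualifier)] = set(perms) - {"-"}
    return access, default

def allowed(acl, owner, group, user, groups, want):
    """True if `user`, a member of `groups`, is granted every permission in `want`."""
    want = set(want)
    mask = acl.get(("mask", ""), set("rwx"))
    if user == owner:
        return want <= acl[("user", "")]
    if ("user", user) in acl:
        return want <= acl[("user", user)] & mask
    matching = [p for (tag, q), p in acl.items()
                if tag == "group" and (q or group) in groups]
    if matching:  # a matching group entry decides; "other" is never consulted
        return any(want <= p & mask for p in matching)
    return want <= acl[("other", "")]

def new_file_acl(directory_default):
    """Simplified inheritance: a new file starts from the directory's default ACL
    (the creating process's mode argument is ignored here)."""
    return dict(directory_default)

# Constructed sample: files/ directories owned by aegir:www-data.
UMASK_002 = "user::rwx group::rwx other::r-x"  # mode 775, no extended ACL
SITE_A = ("user::rwx group::r-x group:client_a:rwx mask::rwx other::--- "
          "default:user::rwx default:group::r-x default:group:client_a:rwx "
          "default:mask::rwx default:other::---")
SITE_B = SITE_A.replace("client_a", "client_b")

def can_write(acl_text, user, groups, inherited=False):
    """Check write access on files/ itself, or on a file created inside it later."""
    access, default = parse_acl(acl_text)
    acl = new_file_acl(default) if inherited else access
    return allowed(acl, "aegir", "www-data", user, groups, "w")

if __name__ == "__main__":
    print(can_write(UMASK_002, "alice", {"www-data"}))     # shared group
    print(can_write(SITE_A, "alice", {"client_a"}))        # own site
    print(can_write(SITE_B, "alice", {"client_a"}))        # someone else's site
    print(can_write(SITE_A, "alice", {"client_a"}, True))  # file created later
```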