I have a web application running on Linux (using CentOS 6) using a generic non-root user name, say app1. I've associated all the files under the folder /home/app1 with that user/group (using chown -R app1:app1) so it can serve up web pages and write to logs as necessary. When it comes to updates though I'm trying to figure out how to handle permissions so that I don't need to constantly run the chown command on the /home/app1 directory. There's a requirement to log in to the server with a unique id so if devguy1 logs in and copies an update the files he wrote over now have devguy1 as the owner and group and the app1 won't be able to read the new file. Devguy1 is part of the app1 group so they can update the app but not vice versa. I see that there's a way to copy files using cp -p that will preserve permissions but we're usually using Beyond Compare to move updates from our Dev server to production which doesn't have that option. Is there a setting on the parent folder that could make the file keep the app1 owner/group info or is there a way that when a new user is created that I could add app1 to their group?
Linux – Maintaining Linux file owner and group info in a multi-user system
file-permissionsfilesystemslinuxpermissions
Best Answer
Set the setuid and setgid bits on all of the directories under /home/app1:
(See
man findto learn about the find command, andman chmodto learn about the setuid and setgid bits.) That causes the user and group owners to be preserved when new files and directories are created in any of the existing directories.I believe there are cases that will still ignore the suid and sgid bits, like saving to SMB shares, or copying with permissions intact using
cp -p. But for the most part, it should work.