9 posts in this topic

I run a small website off my MacBook Pro. Works nicely; I used MacPorts to install Apache2, MySQL5, and PHP5, then symlinked stuff so the Personal Web Sharing button in System Preferences activates Apache2 instead of 1.3.

 

Apache's DocumentRoot is my ~/Sites folder; I have permissions set so that group 'www' has read-write access. This is so the folder is server-writable, for my WordPress blog.

 

Everything works fine with this method. However, if I download a new plugin, etc. for WordPress or anything that needs to be server-writable, I have to manually go in and change the group to 'www' once I've copied it into my Sites folder. It's kind of annoying, even though it doesn't take all that long.

 

Is there a way to have anything I copy into my Sites folder be automatically set to group 'www' with read-write access for the group? Maybe some hidden setting? I've been looking around, and haven't found much of anything. :whistle:

Yes, but that wasn't really my problem...

 

The Sites folder is set to group www, but if I move a file I've downloaded to that folder, the permissions on that one file don't change. This is evident because WordPress will yell at me about how the plugin I added isn't editable. What I'm looking for is a way for individual files to automatically have group set to www as soon as I move them to the Sites folder. I'd rather not have to do chown or change permissions in the Get Info window every time I get a new server-related file.

 

I don't know if that's possible.

  • 2 weeks later...

It's simple: you have to use ACLs (Access Control Lists).

I would recommend you download the server tools and read this: http://arstechnica.com/reviews/os/macosx-10.4.ars/8

 

Good luck,

 

hecker

 

PS: Here's a short description of ACL for those too lazy to click the link :)

Access control lists

 

Traditional Unix file permissions are flexible, but it's still not hard to construct scenarios in which they do not offer enough control. For example, imagine trying to allow a single user, Bob, to read one of your files. With traditional Unix file permissions, the only way to do it is to make a new group (say, "friends") with just two people in it, you and Bob. Then you'd change the file's group to be your new two-member group, and enable the group read permission.

 

That was awkward, but now imagine that you want to let a third user, Ray, write to the file, but not read it. Now you're stuck. If you put Ray into the "friends" group, he'll be able to read the file. And if you grant write access to the "friends" group, then Bob can write to the file. Since a file can only have one owner and one group, there's nothing you can do. The Unix permission system is not flexible enough to accommodate these needs.

 

Worse, imagine that you want to grant the ability to delete a particular file to a group of users. In traditional Unix permissions, there is no "delete" permission for a single file. The ability to delete a file is controlled by the "write" permission of the parent directory. But you want to allow just this particular file to be deleted, not all files in the same directory. The Unix permission system is not fine-grained enough to accommodate these needs.

 

Enter access control lists. An ACL is an ordered list of rules that control file permissions. Each rule specifies three things: an actor, an action, and whether that action is allowed or denied. A rule is also known as an ACE, or access control entry.

Edited by hecker

I don't think that works. To reiterate: I'm trying to make it so that ANYTHING I put in the Sites folder or in a subfolder of Sites has its permissions changed as such: user = www, group = www, access = read/write/execute.

 

For the record, I did try the ACLs. Didn't work, since I think you can only set them on individual files.

You can set an ACL for any file, including directories. The subfolders and files (children) will inherit the permissions of the parent directory when they are created.

 

ACLs support "static inheritance." This means that the initial ACL for a newly created file may be determined by the ACLs of one or more of the parent directories. This inheritance happens once, at the time the new file is created. If the ACLs of the parents change in the future, the children won't inherit those changes.

 

I strongly recommend that you read through the entire article I linked to and that you get the server tools, since these make it quite easy to manage ACL lists. It is possible to manage the ACL without the tools, though.

PM me if you need to "know" where to get the tools :P

 

hecker

 

EDIT: as you may see in the pic, you can set inheritance from the Workgroup Manager app.

acl_capture.tiff

Edited by hecker
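
The inheritable ACL described in the reply above, set from the command line rather than from Workgroup Manager. This is an added example, not part of the thread: it assumes ACLs are enabled on the volume, takes the `www` group and Sites folder from the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): grant a group inheritable write
# access to a web root with macOS ACLs. Function names are hypothetical.

# Build the ACE. file_inherit/directory_inherit make new children pick it
# up at creation. writesecurity and chown are deliberately left out so the
# web server group cannot rewrite permissions or take ownership.
site_ace() {
    group=$1
    # Reject anything that could alter the ACE syntax (spaces, colons, commas).
    case $group in
        ''|*[!A-Za-z0-9_-]*) echo "invalid group name" >&2; return 1 ;;
    esac
    perms="read,write,append,execute,delete"                            # file rights
    perms="$perms,list,search,add_file,add_subdirectory,delete_child"   # directory rights
    perms="$perms,readattr,writeattr,readextattr,writeextattr,readsecurity"
    printf 'group:%s allow %s,file_inherit,directory_inherit\n' "$group" "$perms"
}

# Apply the ACE to a directory tree and show the resulting ACL.
apply_site_acl() {
    dir=$1
    ace=$(site_ace "$2") || return 1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # chmod +a is the macOS ACL syntax; refuse to run elsewhere.
    [ "$(uname -s)" = "Darwin" ] || { echo "macOS only" >&2; return 2; }
    # -R also stamps the entry on what is already in the tree, because
    # inheritance only happens when a file is created.
    chmod -R +a "$ace" "$dir" && ls -led "$dir"
}

# Run only when called with arguments, e.g.:  sh site-acl.sh "$HOME/Sites" www
if [ "$#" -gt 0 ]; then apply_site_acl "$@"; fi
```

Since inheritance is applied only when a file is created, a file moved in from elsewhere on the same volume keeps its old permissions; copy it in instead, or rerun the script on the folder.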