Change who is able to chmod

aclchmodpermissions

Is there a way to change who can chmod (change the permissions of) a particular file?

It is only the owner of the file (without sudo-ing it), if my experimentation has been correct?

But what I want to do is allow on the group to be able to edit the file permissions, and not the owner.

This isn't possible under the traditional Unix file system I don't think, but I'm wondering if there is a sneaky way it can be done using ACLs or something similar?

Best Answer

Only the owner of the file (and root) are allowed to change permissions to a file. Perhaps you should allow your users to do some stuff as the web server's user (via sudo(1))?

Related Solutions

Linux – Who can change ACL permissions

The setfacl manual page explains who can grant privileges:

The file owner and processes capable of CAP_FOWNER are granted the right to modify ACLs of a file. This is analogous to the permissions required for accessing the file mode. (On current Linux systems, root is the only user with the CAP_FOWNER capability.)

So fred can only use setfacl on files he owns. Depending on your exact security requirements, you may be able to allow members of admins-web22 to run setfacl as apache-web22 (using sudo), which would allow them to change the ACLs on files owned by apache-web22....

Centos – chmod: changing permissions of directory Operation not permitted

from the level above dir:

chmod -R a+x *dir*

to give all users (a) execute permission to all subdirectories and files (+x) or:

chmod -R a+X *dir*

to give all users execute permission to all subdirectories only (+X)

Best Answer

Related Solutions

Linux – Who can change ACL permissions

Centos – chmod: changing permissions of directory Operation not permitted

Related Question