On Thursday 29 Sep 2011 07:57:49 Jonas de Buhr wrote:
> >> The problem with that is he will need to test his code in the working
> >> system.
>
> why in the production system?
>
> >> I need a way for him to be able to read/write to a certain
> >> file or files within the working system, but have no read/write
> >> access to any other files in the system.
> >>
> >> Is SFTP perhaps the way to go for this?
> >>
> >> - Grant
> >
> > For some reason I thought SFTP would provide access control but now
> > I'm thinking it's just like SSH in that access control is based on
> > file ownership and permissions?
>
> yes.
>
> > If that's the case, can anyone think
> > of a better way to control remote access to my files than chmod/chown?
>
> someone already did ;)
> http://www.gentoo-wiki.info/HOWTO_Use_filesystem_ACLs
>
> > I think it would be nice if the access control were built into the
> > transport mechanism, version control system, or something else already
> > in use, but it doesn't sound like that's going to happen.
>
> it's certainly possible to control the write access with ACLs. read
> access however is a different story because as soon as his code runs in
> the context of the webrowser he will likely be able to read the rest of
> the code.

I'm not sure if you are overcomplicating this by trying to use Unix permissions. Have you instead considered webdav?

You can restrict this to particular (apache) users/groups, directories, files. It also uses lockfiles, so two users editing a file simultaneously will cause a warning when you try to save it.

-- 
Regards,
Mick
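
A sketch of the WebDAV restriction suggested in the reply above, as an added example that is not part of the original thread. It assumes Apache 2.4 with mod_dav, mod_dav_fs and Basic authentication; the paths, the URL prefix `/dev-edit`, the account name `contractor` and the password file are all hypothetical.

```apache
# Added example: every path, URL and user name below is an assumption.
# Needs mod_dav, mod_dav_fs, mod_alias, mod_auth_basic, mod_authn_file,
# mod_authz_user. Place it inside a TLS virtual host, because Basic
# authentication sends the password with every request.

# Lock database used by mod_dav_fs for WebDAV LOCK/UNLOCK; its directory
# must be writable by the user Apache runs as.
DavLockDB /var/lib/apache2/dav/lockdb

# Expose only the one directory the developer works on, under a separate
# URL, so the rest of the document root is never reachable over DAV.
Alias "/dev-edit" "/var/www/site/modules/payment"

<Location "/dev-edit">
    Dav On

    # Return file contents as text instead of running them through a
    # script handler, so a GET over DAV yields the source being edited.
    ForceType text/plain

    AuthType Basic
    AuthName "dev-edit"
    AuthUserFile "/etc/apache2/dav.htpasswd"

    # Only this account may read or write through the DAV URL.
    Require user contractor
</Location>

# Carve a subdirectory back out of the share: this later, more specific
# section overrides the one above, so nobody reaches it over DAV.
<Location "/dev-edit/secrets">
    Require all denied
</Location>
```

This limits what the developer can reach through the WebDAV URL only. As noted earlier in the thread, code he uploads still runs in the web server's context and can read whatever that user can read.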