site owner should be able to get at their own logs #29

dale-c-anderson · 2022-05-15T16:03:06Z

make sure acl package is present , then, after dirs are created,

/usr/bin/find /var/log/vhosts/<account> -type d -exec /usr/bin/setfacl -md u:<owner>:r  {} \;   # set default for newly created files
/usr/bin/find /var/log/vhosts/<account> -type f -exec /usr/bin/setfacl -m u:<owner>:r {} \;   # give read on current files
/usr/bin/find /var/log/vhosts/<account> -type d -exec /usr/bin/setfacl -m u:<owner>:rx  {} \;   # give read and traverse on current dirs

or in ansible (just eyeballing here, this might need tweaking)

    - name: Make sure setfacl is installed
      package:
        name: acl
        state: present

    - name: Give web account owner access to their own logs (default for new items)
      acl:
        path: /var/log/vhosts/{{ account }}
        entity: "{{ account }}"
        etype: user
        permissions: rx
        default: true
        recursive: true
        state: present

    - name: Give web account owner access to their own logs (existing items)
      acl:
        path: /var/log/vhosts/{{ account }}
        entity: "{{ account }}"
        etype: user
        permissions: rx
        default: false
        recursive: true
        state: present

The text was updated successfully, but these errors were encountered:

dale-c-anderson added bug Something isn't working enhancement New feature or request labels May 15, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

site owner should be able to get at their own logs #29

site owner should be able to get at their own logs #29

dale-c-anderson commented May 15, 2022 •

edited

Loading

site owner should be able to get at their own logs #29

site owner should be able to get at their own logs #29

Comments

dale-c-anderson commented May 15, 2022 • edited Loading

dale-c-anderson commented May 15, 2022 •

edited

Loading