
I am trying to manipulate a file and create a new folder from within a web service and am running into a permission denied error. What is the recommended way to configure these permissions? The use case is as follows.

  1. A user name is passed as a parameter in the URL along with a command.
  2. Based on the command, I am trying to create a file or copy some files over to a specific user directory. Safe to assume that this user is different from the user that owns Tomcat.
  3. Is it possible to impersonate a system user for running other processes/shell scripts from within the web service?

1 Answer


By default your web service runs as a non-privileged user, for example www-data. Your web service can only create files in directories that it has write access to.

For security reasons it is a bad idea to give a web service any kind of write access to full user directories. You could do something like:

  1. Make a separate upload folder for each user: /home/[username]/webuploads
  2. Give www-data write permissions to that folder
    • chmod a+rw /home/[username]/webuploads
    • or setfacl -m u:www-data:rwx /home/[username]/webuploads if your filesystem supports ACLs

This gives your web service the ability to write into other users' home directories, but also does not allow the service to overwrite everything in the users' directories.

StKiller
Steve Perkson
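Because the question takes the user name from the URL, the service should confirm that the path it builds stays inside that user's webuploads folder before writing. The following is an added example, not code from the question or the answer; the class name `UploadPathGuard`, the `resolve` helper, the user-name pattern and the temporary demo tree are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.util.regex.Pattern;

public class UploadPathGuard {
    // Assumption: account names are short, lowercase POSIX-style names.
    private static final Pattern USERNAME = Pattern.compile("[a-z_][a-z0-9_-]{0,31}");

    /** Resolves fileName inside homeRoot/username/webuploads, or throws. */
    static Path resolve(Path homeRoot, String username, String fileName) throws IOException {
        if (username == null || !USERNAME.matcher(username).matches()) {
            throw new IllegalArgumentException("invalid user name");
        }
        // toRealPath() follows symlinks and fails if the folder is missing, so the
        // service only ever writes into an upload folder that was prepared for it.
        Path uploads = homeRoot.resolve(username).resolve("webuploads").toRealPath();
        Path target = uploads.resolve(fileName).normalize();
        if (!target.startsWith(uploads) || target.equals(uploads)) {
            throw new IllegalArgumentException("file name escapes upload folder");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed demo tree standing in for /home.
        Path homeRoot = Files.createTempDirectory("home");
        Files.createDirectories(homeRoot.resolve("alice/webuploads"));

        Path ok = resolve(homeRoot, "alice", "report.txt");
        // CREATE_NEW refuses to write through an existing file or symlink.
        Files.write(ok, "hello".getBytes(StandardCharsets.UTF_8), StandardOpenOption.CREATE_NEW);
        System.out.println("wrote " + ok);

        // Constructed inputs that must be refused: bad name, escaping path, no folder.
        String[][] rejected = { {"../etc", "x"}, {"alice", "../private.txt"}, {"bob", "x"} };
        for (String[] r : rejected) {
            try {
                resolve(homeRoot, r[0], r[1]);
                System.out.println("UNEXPECTED accept: " + r[0] + " " + r[1]);
            } catch (IllegalArgumentException | IOException e) {
                System.out.println("rejected " + r[0] + " / " + r[1] + ": " + e);
            }
        }
    }
}
```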