setfacl
Allow an unprivileged user to write to a directory using Linux ACLs (setfacl).
Write
Allow the user gitlab-runner to write to /var/www/felixhummel.de/.
setfacl --recursive --modify u:gitlab-runner:rwX,d:u:gitlab-runner:rwX /var/www/felixhummel.de/
The d:... syntax means “default”. This way, new files and directories get the ACL too. The X in rwX is uppercase, meaning that directories get execute, but files do not (unless a file already has execute permission for some user).
Read
The user caddy should be able to read anything in /var/www/:
setfacl --recursive --modify u:caddy:rX,d:u:caddy:rX /var/www/
Show ACLs
getfacl /var/www/felixhummel.de/
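Added example, not from the original page: a POSIX shell filter that reads `getfacl --recursive` output and lists named users who effectively hold write, so an account meant to be read-only (such as caddy) stands out. The sample listing is constructed and the function names are hypothetical.

```shell
# Constructed, abbreviated sample of `getfacl --recursive` output.
sample_getfacl() {
cat <<'EOF'
# file: var/www/felixhummel.de
user::rwx
user:caddy:rwx
user:gitlab-runner:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:caddy:r-x
default:user:gitlab-runner:rwx
default:mask::rwx

# file: var/www/felixhummel.de/index.html
user::rw-
user:gitlab-runner:rwx  #effective:r--
mask::r--
EOF
}

# Read getfacl output on stdin; print "path<TAB>scope<TAB>user<TAB>perms"
# for every named-user entry whose effective permissions include write.
acl_writers() {
  awk '
    /^# file: / { path = substr($0, 9); next }
    /^#/ || /^[ \t]*$/ { next }
    {
      line = $0; eff = ""
      p = index(line, "#effective:")   # present when the mask narrows an entry
      if (p > 0) { eff = substr(line, p + 11, 3); line = substr(line, 1, p - 1) }
      gsub(/[ \t]+$/, "", line)
      split(line, f, ":")
      scope = "access"; i = 1
      if (f[1] == "default") { scope = "default"; i = 2 }
      if (f[i] != "user" || f[i + 1] == "") next   # keep named users only
      perms = (eff != "") ? eff : f[i + 2]
      if (perms ~ /w/) print path "\t" scope "\t" f[i + 1] "\t" perms
    }'
}

# Same report, minus the users passed as arguments (those expected to write).
acl_unexpected_writers() {
  acl_writers | awk -F'\t' -v allowed=" $* " 'index(allowed, " " $3 " ") == 0'
}

# Real host: getfacl --recursive /var/www/ 2>/dev/null | acl_unexpected_writers gitlab-runner
sample_getfacl | acl_unexpected_writers gitlab-runner
```

The masked entry on index.html is not reported because its effective rights are r--, even though the entry itself reads rwx.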
Delete ACL
For example the write ACL above:
setfacl --recursive --remove u:gitlab-runner,d:u:gitlab-runner /var/www/felixhummel.de/
Note that the mode (rwX) is not present for removal.