less permissive volume sharing

Recliner2042

In the docs, it says to chmod 777 any volume you want shared between various apps.

Is there an easy way to be more restrictive about this? What if I only want two apps to have access, and don't want every local machine user to?

Recliner2042

I see at the bottom of the page https://docs.cloudron.io/volumes/#sharing there are instructions to share with all users of the media group. Is the chmod 777 really still necessary when doing that? And if I want to be specific about which apps have access, then do I create a new group, add the run-as users to it, and then follow the same instructions for media but with my new group?

murgero

It uses linux permissions, I'd expect that chown'ing the folder(s) in question to yellowtent would be enough - otherwise there isn't much that can be done via cloudron for the volumes. Restrict the folder to the yellowtent user and group (Cloudron's user) and I think that'll be enough - but it wont restrict per-app.

Recliner2042

@murgero Thank you. That's what I was thinking. But it wasn't the case. Apps can't write to a directory owned by yellowtent.

murgero

@Recliner2042 oh, does it have to be root? I don't use the shared volumes currently so I wasn't 100% sure, just working of basic Linux Knowledge

Recliner2042

@murgero I'm pretty sure you have to create a group, place each run-as app-user into that group, and then make the group own the directory. But I'm not an expert at this stuff.

Recliner2042

@girish did you mark this solved because I got it right in my last post?

girish

@Recliner2042 yes, sorry, I thought the problem was solved. Is that not the case?

Recliner2042

@girish Well, it wasn't exactly a problem. I was just asking an important question, and wanted a confirmation that I guessed the right answer.